[Samba] program update made my shares no work anymore (ACL)
J. Echter
j.echter at echter-kuechen-elektro.de
Tue Sep 9 12:37:28 MDT 2014
Hi,
I run a few Samba shares successfully with CentOS 6.5.
I have a program (CAD) hosted on this server.
Since an upgrade I have had some trouble making it work again.
If a user modifies a project, only this user can open the project.
What I see is (for example):
drwxrwx--- 2 admin bau 4 16. Feb 2014 test1
works
drwxrwx---+ 2 admin bau 4 27. Aug 12:58 test2
doesn't work.
getfacl test1
# file: test1
# owner: admin
# group: bau
user::rwx
group::rwx
other::---
getfacl test2
# file: test2
# owner: admin
# group: bau
user::rwx
group::rwx
group:Administrators:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::---
How do I tell Samba to set the ACL to the group I specified in smb.conf?
Like this:
[DDS]
force group = bau
valid users = @bau @Administrators
create mode = 0770
directory mode = 0770
For test2 it should read:
group:bau:rwx
What am I doing wrong?
Here's my smb.conf ([global] + [share]):
[global]
domain master = yes
local master = yes
domain logons = yes
preferred master = yes
os level = 255
max protocol = SMB2
passdb backend = ldapsam:ldap://192.168.0.200
wins support = yes
idmap backend = ldap:ldap://192.168.0.200
idmap uid = 10000-15000
idmap gid = 10000-15000
ldap suffix = dc=workgroup,dc=local
ldap user suffix = ou=smb-usr
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=workgroup,dc=local
ldap ssl = no
ldap passwd sync = yes
add machine script = /usr/sbin/smbldap-useradd -i -t 0 -w "%u"
add user script = /usr/sbin/smbldap-useradd -a '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -a '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = Yes
printing = bsd
netbios name = PDC
server string = PDC (samba)
workgroup = workgroup
interfaces = 192.168.0.200/24 127.0.0.1
bind interfaces only = yes
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody
logon path = \\cluster\profiles\%U
logon script = %U.bat
logon drive = H:
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
[DDS]
path = /DATEN/samba/shares/DDS
guest ok = no
public = no
valid users = @bau @Administrators
browseable = yes
force group = bau
read only = no
create mode = 0770
directory mode = 0770
hide unreadable = yes
Any help is welcome.
Cheers
juergen
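
Added example, not part of the original post: a small parser for getfacl text output such as the two listings above. It reports when a directory's default ACL (the entries that new files and subdirectories inherit) gives the owning group no access. The function names and the embedded sample are constructed from the test2 listing in the post.

```python
import re

# Constructed sample: the getfacl listing for test2 as shown in the post.
SAMPLE_TEST2 = """\
# file: test2
# owner: admin
# group: bau
user::rwx
group::rwx
group:Administrators:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::---
"""

# [default:]type:qualifier:perms, e.g. "default:group:Administrators:rwx"
ENTRY = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([rwx-]{3})$")

def parse_getfacl(text):
    """Return (header, access, default) dicts for one file's getfacl output."""
    header, access, default = {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            header[key] = value
            continue
        # Drop a trailing "#effective:..." comment before matching.
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if m:
            target = default if m.group(1) else access
            target[(m.group(2), m.group(3))] = m.group(4)
    return header, access, default

def audit(text):
    """List findings showing that new files will be closed to the owning group."""
    header, _access, default = parse_getfacl(text)
    group = header.get("group", "?")
    findings = []
    if default and default.get(("group", ""), "---") == "---":
        findings.append(f"default ACL gives owning group {group} no access to new files")
        named = sorted(q for (t, q), p in default.items() if t == "group" and q and p != "---")
        if named:
            findings.append("new files are reachable only via named group(s): " + ", ".join(named))
    return findings
```

Running `audit(SAMPLE_TEST2)` returns both findings, while the test1 listing, which has no default entries, returns an empty list.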