[Samba] how to define new folders ACL

Lorenzo Faleschini lorenzo.faleschini at nordestsystems.com
Wed Sep 24 04:05:56 MDT 2014


The problem was that on the new folders created by users, Domain 
Administrator had no privileges,
so I was denied access to those folders as admin (to set Inherit ACLs).

So I had to manually set those with setfacl.

The problem came because I rsynced the shares from the old samba server and 
did not set the default ACL before rsyncing, so the ACL thing was in the 
wild.


Lorenzo Faleschini
IT Manager @ Nord Est Systems srl
----------------------------------------
m: +39 335 6055225 | skype: falegalizeit

On 24/09/2014 11:56, Sébastien Le Ray wrote:
> Hi,
>
> Or you can just check the "Inherit ACLs" in windows security tab…
>
> Regards
>
> On 24/09/2014 11:43, Lorenzo Faleschini wrote:
>> I reply to myself for future reference
>>
>> I logged in as root on the member server and set recursively the ACL 
>> defaults with setfacl (so the newly created folders came with this mask)
>>
>> Default Owner (Read Write Execute):
>> default:u:administrator:rwx
>> Default Group (Read Write Execute):
>> default:g:'domain users':rwx
>>
>> then forced the ownership and group of the actual directories
>> Set Owner (Read Write Execute)
>> u:administrator:rwx
>> Set Group (Read Write Execute)
>> g:'domain users':rwx
>>
>> in one command:
>>
>> setfacl -R -m default:g:'domain users':rwx,g:'domain users':rwx,default:u:administrator:rwx,u:administrator:rwx /PATH/TO/SHARES/
>>
>>
>> On 23/09/2014 12:53, Lorenzo Faleschini wrote:
>>> Hi folks,
>>>
>>> I've a working samba 4.1 DC + a 4.1 member server, winbind and UID 
>>> GID working
>>> I have all the shares on member server, and the UNIX permissions are 
>>> set to 770 Administrator:DomainUsers. To rule other permissions I 
>>> generally use the Security TAB ACLs.
>>>
>>> my problem is:
>>> when a user creates a new subfolder only he can access it (and no 
>>> one else from DomainUsers), unless I change the ACL manually.
>>> is there an option to set somewhere to maintain parent folder's ACLs?
>>>
>>> thanks
>>
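
A read-only check to go with the setfacl fix quoted above, as an added example that is not part of the original post: it reads `getfacl -n` output for directories and lists those with no default ACL entry for a given group, which is the state the rsynced shares were in. The function names, the numeric IDs and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All IDs below are constructed.
# Prints every path whose ACL lacks "default:group:<gid>:<perms>".
# Feed it directory ACLs only, e.g.:
#   find /PATH/TO/SHARES -type d -exec getfacl -n {} + | missing_default_acl <gid> rwx
missing_default_acl() {
    awk -v want="default:group:$1:$2" '
        /^# file: / {                       # a new ACL block starts
            if (path != "" && !found) print path
            path = substr($0, 9); found = 0; next
        }
        index($0, want) == 1 { found = 1 }  # prefix match tolerates "#effective:" suffixes
        END { if (path != "" && !found) print path }
    '
}

# Constructed `getfacl -n` output: 10500 stands in for administrator,
# 10513 for 'domain users', 11105 for the user who created the subfolder.
sample_getfacl() {
    cat <<'EOF'
# file: srv/shares/projects
# owner: 10500
# group: 10513
user::rwx
user:10500:rwx
group::rwx
group:10513:rwx
mask::rwx
other::---
default:user::rwx
default:user:10500:rwx
default:group::rwx
default:group:10513:rwx
default:mask::rwx
default:other::---

# file: srv/shares/projects/created-by-user
# owner: 11105
# group: 10513
user::rwx
group::---
other::---
EOF
}

sample_getfacl | missing_default_acl 10513 rwx
```

A directory is also reported when the default group entry exists but with weaker permissions than the ones requested.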