[Samba] how to define new folders ACL

Sébastien Le Ray sebastien at orniz.org
Wed Sep 24 06:02:21 MDT 2014


Oh… Yes, the other workaround for this is to chown the whole tree to you 
and then adjust ACL through windows UI.
Here, your setfacl doesn't set the xattr forcing inheritance so I guess 
you could run into troubles later on.

On 24/09/2014 12:05, Lorenzo Faleschini wrote:
> the problem was that on the new folders created by users Domain 
> Administrator had no privileges.
> so I was denied the access to those folders as admin (to set Inherit 
> ACLs)
>
> so I had to manually set those with setfacl
>
> the problem came because I rsynced the shares from old samba server 
> and did not set the default ACL before rsyncing, so the ACL thing was 
> on the wild.
>
>
> Lorenzo Faleschini
> IT Manager @ Nord Est Systems srl
> ----------------------------------------
> m: +39 335 6055225 | skype: falegalizeit
>
> On 24/09/2014 11:56, Sébastien Le Ray wrote:
>> Hi,
>>
>> Or you can just check the "Inherit ACLs" in windows security tab…
>>
>> Regards
>>
>> On 24/09/2014 11:43, Lorenzo Faleschini wrote:
>>> I reply to myself for future reference
>>>
>>> I logged in as root on the member server and set recursively the ACL 
>>> defaults with setfacl (so the newly created folders came with this 
>>> mask)
>>>
>>> Default Owner (Read Write Execute):
>>> default:u:administrator:rwx
>>> Default Group (Read Write Execute):
>>> default:g:'domain users':rwx
>>>
>>> then forced the ownership and group of the actual directories
>>> Set Owner (Read Write Execute)
>>> u:administrator:rwx
>>> Set Group (Read Write Execute)
>>> g:'domain users':rwx
>>>
>>> in one command:
>>>
>>> setfacl -R -m default:g:'domain users':rwx,g:'domain users':rwx,default:u:administrator:rwx,u:administrator:rwx /PATH/TO/SHARES/
>>>
>>>
>>>
>>>
>>> Lorenzo Faleschini
>>> IT Manager @ Nord Est Systems srl
>>> ----------------------------------------
>>> m: +39 335 6055225 | skype: falegalizeit
>>>
>>> On 23/09/2014 12:53, Lorenzo Faleschini wrote:
>>>> Hi folks,
>>>>
>>>> I've a working samba 4.1 DC + a 4.1 member server, winbind and UID 
>>>> GID working
>>>> I have all the shares on member server, and the UNIX permissions 
>>>> are set to 770 Administrator:DomainUsers. To rule other permissions 
>>>> I generally use the Security TAB ACLs.
>>>>
>>>> my problem is:
>>>> when a user creates a new subfolder only he can access it (and no 
>>>> other from DomainUsers), unless I change the ACL manually.
>>>> is there an option to set somewhere to maintain parent folder's ACLs?
>>>>
>>>> thanks
>>>>
>>>>
>>>> -- 
>>>>
>>>> Lorenzo Faleschini
>>>> IT Manager @ Nord Est Systems srl
>>>> ----------------------------------------
>>>> m: +39 335 6055225 | skype: falegalizeit
>>>
>
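
An added example, not part of any message in this thread: after a migration like the rsync described above, this lists the directories that still lack the default (inheritable) ACL entries the setfacl command sets, so they can be fixed before users create subfolders under them. The function names, the sample paths and the `\040` spelling of the space in the group name are assumptions.

```shell
# Added example (not from the thread): report directories whose ACL lacks the
# default (inheritable) rwx entries for a given user and group.
# Reads getfacl output on stdin; $1 = user, $2 = group, spelled as getfacl
# prints them (assumption: a space in a name is shown as \040).
missing_default_acl() {
    ACL_USER="$1" ACL_GROUP="$2" awk '
        function flush() {
            if (path != "" && !(have_u && have_g)) print path
            have_u = 0; have_g = 0
        }
        BEGIN {
            want_u = "default:user:"  ENVIRON["ACL_USER"]  ":rwx"
            want_g = "default:group:" ENVIRON["ACL_GROUP"] ":rwx"
        }
        /^# file: / { flush(); path = substr($0, 9); next }
        /^#/        { next }
        {
            sub(/[ \t]*#.*$/, "")   # strip any "#effective:" annotation
            if ($0 == want_u) have_u = 1
            if ($0 == want_g) have_g = 1
        }
        END { flush() }
    '
}

# Live audit: directories only, absolute names kept with -p.
audit_share() {
    find "$1" -type d -exec getfacl -p {} + | missing_default_acl "$2" "$3"
}

# Constructed, abridged getfacl output: the second directory has no defaults.
sample_getfacl() {
    cat <<'EOF'
# file: /srv/shares/projects
user::rwx
group::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::rwx
default:group:domain\040users:rwx
default:mask::rwx
default:other::---

# file: /srv/shares/projects/new-folder
user::rwx
group::---
other::---
EOF
}
```

On a live share, `audit_share /PATH/TO/SHARES/ administrator 'domain\040users'` prints one path per directory that still needs the default entries.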

