[Samba] Cannot change directory permissions
Felix Matouschek
felix.matouschek at vipco.de
Tue Aug 4 14:29:01 UTC 2015
Hi Rowland,
I had to split smbd and winbindd config to work around some bugs in credentials offline caching.
I have a separate winbindd.conf, it looks like this:
[global]
### Network ###
netbios name = Fileserver
server string = Fileserver (%h V:%v)
### ad member ###
workgroup = INTRANET
realm = INTRANET.MYCOMPANY.DE
security = ADS
kerberos method = secrets and keytab
### WINS ###
wins server = 192.168.0.197
name resolve order = wins host bcast
### winbind config ###
winbind offline logon = yes
winbind cache time = 600
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 1
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind nss info = rfc2307
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config INTRANET : backend = ad
idmap config INTRANET : schema_mode = rfc2307
idmap config INTRANET : range = 5000 - 40000
### offline mode is not working without those ###
winbind normalize names = no
map untrusted to domain = no
### performance ###
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
Greetings,
Felix
-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny
Gesendet: Dienstag, 4. August 2015 15:17
An: samba at lists.samba.org
Betreff: Re: [Samba] Cannot change directory permissions
On 04/08/15 14:11, Felix Matouschek wrote:
> Hi Rowland,
>
> my users are known to the OS
The smb.conf you posted earlier would seem to suggest that they aren't, what does 'getent passwd <username>' produce ?
Rowland
> , they also have the correct permissions to alter the settings.
> Doing so on the CLI does work when logged in via SSH.
>
> When opening the Security Tab the users and groups are displayed, only on directories there are no checkmarks under Read, Write etc.
> I also cannot set any checkmarks for Read, Write etc.
>
> When viewing the Security Tab of a file everything works and I can see and set the checkmarks.
>
> Do you know what could be wrong?
>
> Greetings,
> Felix
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
> Rowland Penny
> Gesendet: Dienstag, 4. August 2015 12:55
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Cannot change directory permissions
>
> On 04/08/15 11:46, Felix Matouschek wrote:
>> Hi Rowland,
>>
>> when saying 'I' I theoretically meant any user that has write access to the share.
>>
>> It should be possible to right click the directory in windows, the go to security tab and remove the write permissions on the directory.
>>
>> This behaviour already works with files, I'm trying to figure out how to make it also work for directories.
>>
>> Greetings,
>> Felix
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
>> Rowland Penny
>> Gesendet: Dienstag, 4. August 2015 11:57
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] Cannot change directory permissions
>>
>> On 04/08/15 10:07, Felix Matouschek wrote:
>>> Hello,
>>>
>>> I occasionally need to remove the write permissions from directories inside a share to prevent users from accidentally deleting files inside that directory.
>>>
>>> My problem is that I neither can view nor can change the permissions of directories on my shares.
>>> Curiously enough viewing and changing permissions of files in the same shares works without a problem.
>>>
>>> Is there anything I misconfigured?
>>>
>>> My smb.conf looks like this:
>>>
>>> [global]
>>> ### Network ###
>>> netbios name = Fileserver
>>> server string = Fileserver (%h V:%v)
>>>
>>> ### ad member ###
>>> workgroup = INTRANET
>>> realm = INTRANET.MYCOMPANY.DE
>>> security = ADS
>>> kerberos method = secrets and keytab
>>>
>>> ### WINS ###
>>> wins server = 192.168.0.197
>>> name resolve order = wins host bcast
>>>
>>> ### logins without prepending INTRANET\ ###
>>> map untrusted to domain = yes
>>>
>>> ### other settings ###
>>> unix extensions = no
>>> invalid users = root
>>>
>>> ### make exe files executable on windows without x bit ###
>>> acl allow execute always = yes
>>>
>>> ### performance ###
>>> deadtime = 10
>>> use sendfile = yes
>>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
>>>
>>> ### prevent unwanted files ###
>>> veto files = /$RECYCLE.BIN/desktop.ini/Thumbs.db/.DS_Store/._.DS_Store/.apdisk/._.apdisk/.TemporaryItems/._.TemporaryItems/.Trashes/._.Trashes
>>> delete veto files = yes
>>>
>>> ### SHARES ###
>>>
>>> [Exchange]
>>> path = /home/nobackup/exchange
>>> guest ok = yes
>>> read only = no
>>> create mask = 660
>>> directory mask = 770
>>> force group = exchange-users
>>>
>>> Greetings,
>>> Felix
>> Hi, when you say ' I occasionally need to remove the write permissions', whom is the 'I', is this the Administrator ?
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
> I am fairly sure your problem is a misconfiguration of smb.conf, for a start have a look here:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> To change directory settings, your users and groups need to be known to the underlying Unix OS and have the required permissions to alter the settings.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list