[Samba] Permission Denied
Henry McLaughlin
henry at incred.com.au
Wed Nov 25 10:05:05 UTC 2015
On 25 November 2015 at 20:27, mathias dufresne <infractory at gmail.com> wrote:
> Hi,
>
> You should post your smb.conf of that file server. You should also tell us
> what kind of domain it is, in case of domain. That should help people to
> help you.
>
> Cheers,
>
> mathias
>
> Hi and thank you for the help.
I think I have solved this however my solution is not pure.
When I create a share in Linux the owner & group is:
root:root
I had thought that this was my problem as I did not have permission to
write to the folder and had to change the group to "Domain Admins" however
this still caused the error.
What I have discovered this that regardless of the Linux permissions, when
I create a share the Windows share owner is: "root (Unix User\root)". As
long as this is the share owner in Windows I receive the permission denied
error. I have simply change the share owner to "Domain Users" in Windows
and the error goes away.
> 2015-11-25 0:00 GMT+01:00 Henry McLaughlin <henry at incred.com.au>:
>
> > I have created a [home] share:
> >
> > user at jupiter:~$ sudo ls -l /srv/samba/
> > total 24
> > drwxrwxr-x 2 root domain admins 4096 Nov 22 21:38 Demo
> > drwxrwxr-x 2 root domain admins 4096 Nov 15 11:51 Finance
> > drwxrwxr-x+ 2 root domain admins 4096 Nov 25 08:08 home
> > drwxrwxr-x+ 9 root domain admins 4096 Nov 24 21:06 Printer_drivers
> >
> > When i try to set the ACLs in Windows I get "Permission Denied"
> >
> > In Windows I am logged in as "administrator" who is a member of "Domain
> > Admins"
> >
> > user at jupiter:~$ getfacl /srv/samba/home
> > getfacl: Removing leading '/' from absolute path names
> >
> > # file: srv/samba/home
> > # owner: root
> > # group: domain\040admins
> > user::rwx
> > user:root:rwx
> > group::r-x
> > group:domain\040admins:r-x
> > mask::rwx
> > other::r-x
> > default:user::rwx
> > default:group::r-x
> > default:group:domain\040admins:rwx
> > default:mask::rwx
> > default:other::r-x
> >
> >
> > Domain Admins does have the correct privileges:
> >
> > user at jupiter:~$ net rpc rights list accounts -U'ABC\administrator'
> > Enter ABC\administrator's password:
> > BUILTIN\Print Operators
> > No privileges assigned
> >
> > BUILTIN\Account Operators
> > No privileges assigned
> >
> > BUILTIN\Backup Operators
> > No privileges assigned
> >
> > BUILTIN\Server Operators
> > No privileges assigned
> >
> > ABC\Domain Admins
> > SePrintOperatorPrivilege
> > SeDiskOperatorPrivilege
> >
> > BUILTIN\Administrators
> > SeMachineAccountPrivilege
> > ...
> > SeEnableDelegationPrivilege
> >
> > Everyone
> > No privileges assigned
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list