[Samba] Permission Denied
L.P.H. van Belle
belle at bazuin.nl
Wed Nov 25 11:51:06 UTC 2015
If this is about problems on a member server, read on.
If its on a ADDC, then i dont know, but good info below. ;-)
( Rowland, maybe a thing to put on the wiki also, read on.. )
If you only use the share from windows machines, make your life easy.
Add : acl_xattr:ignore system acls = yes to the share.
And set the correct rights from within windows.
If you do use the shares /folders also from within linux.
Set UID/GID for all (needed) users/groups.
Use the user_mapping in samba to map root to the domain administrator,
And/or set user Administrator on the folder
now set the correct rights from withing windows.
Above can be done on ADDC or member server but there is a big differens.
Regarding.. ( more explained )
> sudo ls -l /srv/samba/
> > drwxrwxr-x 2 root domain admins 4096 Nov 15 11:51 Finance
> > drwxrwxr-x+ 2 root domain admins 4096 Nov 25 08:08 home
> When i try to set the ACLs in Windows I get "Permission Denied"
Yes, totaly correct, i assum you did read:
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
which says,
# chmod g=rwx /srv/samba/Demo/
# chgrp "Domain Admins" /srv/samba/Demo/
But this example is done on a addc server, and not on a member server.
On a ADDC user Administrator is automaticly mapped to root,
id administrator on addc results in UID 0 and imo most important info,
is missing on the wiki.
I also assume your doing this on a member server.
Which is ok also, but in the 2 ls example above.
drwxrwxr-x 2 root domain admins
does not work an a member server without the user mapping or a bit different rights.
So set Adminstrator:"domain admins" on this folder OR use the user mapping.
And make user that /srv/samba at least has 2775 rights.
And maybe a chgrp "Domain Admins" /srv/samba
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> Verzonden: woensdag 25 november 2015 11:30
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Permission Denied
>
> On 24/11/15 23:00, Henry McLaughlin wrote:
> > I have created a [home] share:
> >
> > user at jupiter:~$ sudo ls -l /srv/samba/
> > total 24
> > drwxrwxr-x 2 root domain admins 4096 Nov 22 21:38 Demo
> > drwxrwxr-x 2 root domain admins 4096 Nov 15 11:51 Finance
> > drwxrwxr-x+ 2 root domain admins 4096 Nov 25 08:08 home
> > drwxrwxr-x+ 9 root domain admins 4096 Nov 24 21:06 Printer_drivers
> >
> > When i try to set the ACLs in Windows I get "Permission Denied"
> >
> > In Windows I am logged in as "administrator" who is a member of "Domain
> > Admins"
> >
> > user at jupiter:~$ getfacl /srv/samba/home
> > getfacl: Removing leading '/' from absolute path names
> >
> > # file: srv/samba/home
> > # owner: root
> > # group: domain\040admins
> > user::rwx
> > user:root:rwx
> > group::r-x
> > group:domain\040admins:r-x
> > mask::rwx
> > other::r-x
> > default:user::rwx
> > default:group::r-x
> > default:group:domain\040admins:rwx
> > default:mask::rwx
> > default:other::r-x
> >
> >
> >
>
> OK, the unix permissions are:
>
> drwxrwxr-x+ 2 root domain admins 4096 Nov 25 08:08 home
>
> But getfacl shows two group permissions:
>
> # group: domain\040admins
> group::r-x
> group:domain\040admins:r-x
>
> Both of which shows that the group has *no* write permissions, fix this
> and it should work as expected.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list