[Samba] Samba43 ACL's issues

Juan Garcia juan at ish.com.au
Thu Jun 23 01:18:42 UTC 2016


On 21/06/2016 10:22 PM, Mueller wrote:
> What about this in your global section
>          create mask = 770
>          force create mode = 770
>          directory mask = 770
>          force directory mode = 770
>
> Greetings
> Daniel
>

Hi Daniel, thanks for your response. Those settings are already in my
smb4.conf:

# Global parameters
[global]
         interfaces = 192.168.1.100
         bind interfaces only = yes
         workgroup = CW1
         realm = DOMAIN.NAME.COM.AU
         netbios name = SERVER1
         server role = active directory domain controller
         dns forwarder = 192.168.1.1
         printing = bsd
         server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
         restrict anonymous = 1
         vfs objects = acl_xattr
         map acl inherit = Yes
         store dos attributes = no
         unix extensions = no
         inherit acls = yes
         inherit permissions = yes
         ea support = no
         idmap_ldb:use rfc2307 = yes
         browseable = yes
         writable = yes
         read only = no
         create mask = 770
         force create mode = 770
         directory mask = 770
         force directory mode = 770

The problem is not about accessing folders; we want to be able to assign
to a specific folder different permissions inside the same file share.

Let's say I have this set up:

Share:
Public/

Subfolder:
Public/folder1

Required Permissions:
DM\user.one -> full access
DM\user.two -> readonly

So in Windows, with an administrator account, I right-click on the folder
to assign these permissions on the Security tab; right after I hit
"apply" I get:
An error occurred while applying security information to:
Public/folder1
The parameter is incorrect


Any ideas?

>
> IT Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
>  Email: mueller at tropenklinik.de
>  www.tropenklinik.de
>  www.bauen-sie-mit.tropenklinik.de
>
>
>
>
> -----Original Message-----
> From: Juan Garcia [mailto:juan at ish.com.au]
> Sent: Tuesday, 21 June 2016 13:47
> To: samba at lists.samba.org
> Subject: [Samba] Samba43 ACL's issues
>
> Hi there,
>
> I'm having trouble with permissions and ACL's running samba43.
>
> I want to be able to set permissions on a folder to a specific user.
>
> I'm having a similar issue reported here https://lists.samba.org/archive/samba/2010-July/156965.html
>
> However my error message is slightly different:
>
> When I set the permission on a specific user by creating a new folder inside the share, right click -> properties -> security tab, I get:
>
> An error occurred while applying security information to:
>
> \\servername\test
>
> The parameter is incorrect
>
>
> I have tried changing the permissions manually with "chmod a+rwx /test/"
>
> But this does not look like a permissions problem; this looks more like Samba or some setting in smb4.conf itself.
>
>
> This is my smb4.conf file:
>
> # Global parameters
> [global]
>          interfaces = 192.168.1.100
>          bind interfaces only = yes
>          workgroup = CW1
>          realm = DOMAIN.NAME.COM.AU
>          netbios name = SERVER1
>          server role = active directory domain controller
>          dns forwarder = 192.168.1.1
>          printing = bsd
>          server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
>          dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
>          restrict anonymous = 1
>          map acl inherit = no
>          store dos attributes = yes
>          unix extensions = no
>          ea support = no
>          idmap_ldb:use rfc2307 = yes
>          browseable= yes
>          writable = yes
>          read only= no
>          create mask = 770
>          force create mode = 770
>          directory mask = 770
>          force directory mode = 770
>          kerberos method = system keytab
>          client ldap sasl wrapping = sign
>          allow dns updates = nonsecure and secure
>
> [test]
>          path = /var/fileshare/test
>          valid users = @DOMAIN.NAME.COM.AU\staff
>          guest ok = yes
>          read only = no
>
> Not sure what I am missing; I appreciate your help.
>
> Regards,
>


