[Samba] Access denied to change share security staff

Rommel Rodriguez Toirac rommelrt at nauta.cu
Thu Apr 13 18:18:16 UTC 2017 

El 13 de abril de 2017 9:56:00 GMT-04:00, Rowland Penny via samba <samba at lists.samba.org> escribió:
>On Thu, 13 Apr 2017 09:28:09 -0400
>Rommel Rodriguez Toirac via samba <samba at lists.samba.org> wrote:
>
>> 
>> I follow step by step Setting up a Share Using Windows ACLs from
>> wiki, but still I have an Access denied when try to change the
>> permissions of share or when try to change Security ACL. As sugesst
>> Rowland I do not change the permissions using Unix, just create the
>> directory/subdirectory and add the entry in /etc/smb.conf as:
>> 
>>  [compartir]
>>       path = /test/compartir/
>>       read only = no
>> 
>
>This sounds like a possible firewall or selinux/apparmor getting in the
>way problem.
>
>Rowland

Thank Rowland for answer me;
 
 I stop the SELinux and the firewall is not running:

[root at gtmpve selinux]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

[root at gtmpve selinux]# setenforce 0
setenforce: SELinux is disabled

[root at gtmpve /]# systemctl --all |grep iptables
● iptables.service                                                                                                                            not-found inactive dead      iptables.service


 I can change the permissions of share and I can change and add (or remove) the owners of that share using the Share permissions tab, but when try to change something with the Security tab there is when happen the Access denied. 
 I work in that tab, When I open it the user and group listed are: 
 
All
root (Unix User\root)
root (Unix Group\root)
CREATOR OWNER 
CREATOR GROUP

All of then just with Specials permissions set.

 When I try to add some other user or group, in the moment of Accept or Aply the system say:

 "Error trying to apply the security information to:"
 "\\GTMPVE.GTM.ONAT.GOB.CU\compartir"
 "Access denied"

And then any change happens.


Rommel Rodriguez Toirac
rommelrt at nauta.cu

More information about the samba mailing list