[Samba] Adding Share Windows ACL

Micha Ballmann ballmann at uni-landau.de
Sat Jan 27 10:35:53 UTC 2018


Hello,

I also fired up a new VM :) and configured the "rid" backend. I followed all 
steps in 
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs.

Set the attributes in smb.conf:

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

Granting the SeDiskOperatorPrivilege:

# net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege -U 
(successful after troubleshooting)

Adding the share (I just copied and pasted the example):

# mkdir -p /srv/samba/Demo/
# chown root:"Domain Admins" /srv/samba/Demo/ --> NOW WORKING BECAUSE I 
SET UP RID BACKEND
# chmod 0770 /srv/samba/Demo/

smb.conf

[Demo]
        path = /srv/samba/Demo/
        read only = no

-> Log in to Windows with administrator and connect to FILESERVER via 
"Computer Management" -> Choosing the Demo share and going to the Security tab ->

Regards

Micha


On 26.01.2018 at 16:31, Rowland Penny via samba wrote:
> On Fri, 26 Jan 2018 14:18:53 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Fri, 26 Jan 2018 14:10:40 +0100
>> Micha Ballmann <ballmann at uni-landau.de> wrote:
>>
>>> To set share Windows permissions and Windows ACLs I log in on a
>>> Windows 7 computer with the administrator user. Open Computer
>>> Management and connect to the fileserver. When I'm trying now to set
>>> the ACL I have no permissions.
>>>
>> Well, I couldn't understand why it wasn't working, so I fired up a VM
>> running win7 and guess what, it doesn't work for me either, it did,
>> but it doesn't now :-(
>>
>> I will get back to you.
>>
>> Rowland
>>
> OK, I found out why it wasn't working, I was connecting to a share that
> belonged to 'root:root' with 'drwxr-xr-x' permissions.
>
> I created a new share:
>
> [data]
>       path = /home/testdata
>       read only = no
>
> mkdir /home/testdata
>
> getfacl /home/testdata shows this:
>
> getfacl: Removing leading '/' from absolute path names
> # file: home/testdata
> # owner: rowland
> # group: domain\040users
> user::rwx
> user:root:rwx
> group::---
> group:root:---
> group:2004:r-x
> group:2005:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:group::---
> default:group:root:---
> default:group:2004:r-x
> default:group:2005:rwx
> default:mask::rwx
> default:other::---
>
> Change the ownership:
>
> chown root:Unix\ Admins /home/testdata
>
> Now go to the Win7 VM and add 'rowland' back as a user with 'Read &
> execute, List folder contents and Read' permissions. This worked
> without error and getfacl now shows:
>
>   getfacl: Removing leading '/' from absolute path names
> # file: home/testdata
> # owner: root
> # group: unix\040admins
> user::rwx
> user:root:rwx
> user:rowland:r-x
> group::---
> group:root:---
> group:2004:r-x
> group:2005:rwx
> group:unix\040admins:---
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:rowland:r-x
> default:group::---
> default:group:root:---
> default:group:2004:r-x
> default:group:2005:rwx
> default:group:unix\040admins:---
> default:mask::rwx
> default:other::---
>
> Do you have these lines in smb.conf:
>
>      vfs objects = acl_xattr
>      map acl inherit = Yes
>      store dos attributes = Yes
>
> Are the 'acl' and 'attr' packages installed?
>
> Rowland
>
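
Added example, not part of the original thread and not Samba code: a small parser that compares two getfacl listings of the same path, so the effect of a change made from the Windows Security tab can be audited on the POSIX side. The names parse_getfacl and diff_acl are hypothetical, and the sample listings are abridged from the two getfacl outputs quoted above.

```python
import re

def _unescape(name):
    # getfacl writes spaces in names as octal escapes, e.g. "unix\040admins"
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Return (meta, entries); entries maps (scope, tag, qualifier) -> perms."""
    meta, entries = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# ") and ": " in line:      # "# owner: root" header
            key, value = line[2:].split(": ", 1)
            meta[key] = _unescape(value)
        elif line and not line.startswith(("#", "getfacl:")):
            line = line.split("#", 1)[0].strip()        # drop "#effective:" notes
            scope, line = (("default", line[8:]) if line.startswith("default:")
                           else ("access", line))
            tag, rest = line.split(":", 1)
            qualifier, perms = rest.rsplit(":", 1)
            entries[(scope, tag, _unescape(qualifier))] = perms
    return meta, entries

def diff_acl(before, after):
    # Owner/group transitions plus ACL entries added, removed or changed
    (m0, e0), (m1, e1) = parse_getfacl(before), parse_getfacl(after)
    return {
        "owner": (m0.get("owner"), m1.get("owner")),
        "group": (m0.get("group"), m1.get("group")),
        "added": {k: e1[k] for k in e1.keys() - e0.keys()},
        "removed": {k: e0[k] for k in e0.keys() - e1.keys()},
        "changed": {k: (e0[k], e1[k]) for k in e0.keys() & e1.keys() if e0[k] != e1[k]},
    }

# Abridged from the two getfacl listings quoted in the thread
BEFORE = r"""# owner: rowland
# group: domain\040users
user:root:rwx
group:2005:rwx
"""
AFTER = r"""# owner: root
# group: unix\040admins
user:root:rwx
user:rowland:r-x
group:2005:rwx
group:unix\040admins:---
default:user:rowland:r-x
default:group:unix\040admins:---
"""
if __name__ == "__main__":
    print(diff_acl(BEFORE, AFTER))
```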


