[Samba] Adding Share Windows ACL

Micha Ballmann ballmann at uni-landau.de
Sun Jan 28 09:52:47 UTC 2018


I'm sorry, last mail was not complete.

...
-> Login to Windows with administrator and connect to FILESERVER via 
"Computer Management" -> Choosing Demo Share and going to security Tab ->

Can't set any ACL because: permission denied!

On 27 January 2018 11:35:53 CET, Micha Ballmann via samba <samba at lists.samba.org> wrote:
>Hello,
>
>I also fired up a new VM :) and configured the "rid" backend. I followed
>all steps in
>https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs.
>
>Set the attributes in smb.conf:
>
>vfs objects = acl_xattr
>map acl inherit = yes
>store dos attributes = yes
>
>Granting the SeDiskOperatorPrivilege:
>
># net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege -U
>(successful after troubleshooting)
>
>Adding Share (I just copy and paste the example):
>
># mkdir -p /srv/samba/Demo/
># chown root:"Domain Admins" /srv/samba/Demo/ --> NOW WORKING BECAUSE I SET UP RID BACKEND
># chmod 0770 /srv/samba/Demo/
>
>smb.conf
>
>[Demo]
>        path = /srv/samba/Demo/
>        read only = no
>
>-> Login to Windows with administrator and connect to FILESERVER via 
>"Computer Management" -> Choosing Demo Share and going to security Tab
>->
>
>Regards
>
>Micha
>
>
>On 26.01.2018 at 16:31, Rowland Penny via samba wrote:
>> On Fri, 26 Jan 2018 14:18:53 +0000
>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>
>>> On Fri, 26 Jan 2018 14:10:40 +0100
>>> Micha Ballmann <ballmann at uni-landau.de> wrote:
>>>
>>>> To set share Windows permissions and Windows ACLs I log in on a
>>>> Windows 7 computer with the administrator user. Open Computer
>>>> Management and connect to the fileserver. When I'm trying now to set
>>>> ACLs I've no permissions.
>>>>
>>> Well, I couldn't understand why it wasn't working, so I fired up a VM
>>> running win7 and guess what, it doesn't work for me either, it did,
>>> but it doesn't now :-(
>>>
>>> I will get back to you.
>>>
>>> Rowland
>>>
>> OK, I found out why it wasn't working, I was connecting to a share that
>> belonged to 'root:root' with 'drwxr-xr-x' permissions.
>>
>> I created a new share:
>>
>> [data]
>>       path = /home/testdata
>>       read only = no
>>
>> mkdir /home/testdata
>>
>> getfacl /home/testdata shows this:
>>
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/testdata
>> # owner: rowland
>> # group: domain\040users
>> user::rwx
>> user:root:rwx
>> group::---
>> group:root:---
>> group:2004:r-x
>> group:2005:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:group::---
>> default:group:root:---
>> default:group:2004:r-x
>> default:group:2005:rwx
>> default:mask::rwx
>> default:other::---
>>
>> Change the ownership:
>>
>> chown root:Unix\ Admins /home/testdata
>>
>> Now go to the Win7 VM and add 'rowland' back as a user with 'Read &
>> execute, List folder contents and Read' permissions. This worked
>> without error and getfacl now shows:
>>
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/testdata
>> # owner: root
>> # group: unix\040admins
>> user::rwx
>> user:root:rwx
>> user:rowland:r-x
>> group::---
>> group:root:---
>> group:2004:r-x
>> group:2005:rwx
>> group:unix\040admins:---
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:user:rowland:r-x
>> default:group::---
>> default:group:root:---
>> default:group:2004:r-x
>> default:group:2005:rwx
>> default:group:unix\040admins:---
>> default:mask::rwx
>> default:other::---
>>
>> Do you have these lines in smb.conf:
>>
>>      vfs objects = acl_xattr
>>      map acl inherit = Yes
>>      store dos attributes = Yes
>>
>> Are the 'acl' and 'attr' packages installed?
>>
>> Rowland
>>
>

-- 
This message was sent from my Android device with K-9 Mail.
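
The prerequisites this thread walks through (the three smb.conf settings, the 'acl' and 'attr' tools, and the share directory's owner, group and mode) can be checked in one pass. The script below is an added example, not part of the original messages or of Samba; `conf_get` and `check_share` are hypothetical helpers with a simplified smb.conf reader, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helpers); simplified smb.conf reader, GNU stat.

# conf_get FILE SECTION KEY -> value of KEY in [SECTION], empty if unset
conf_get() {
    awk -v want="$2" -v key="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = tolower(trim($0)); gsub(/^\[|\]$/, "", sec); next }
        {
            eq = index($0, "=")
            if (eq == 0 || sec != tolower(want)) next
            k = tolower(trim(substr($0, 1, eq - 1)))
            if (k == key) val = trim(substr($0, eq + 1))
        }
        END { print val }' "$1"
}

# check_share FILE SHARE -> one finding per line; returns 1 on any FAIL
check_share() {
    conf=$1; share=$2; rc=0
    case " $(conf_get "$conf" global 'vfs objects') " in
        *" acl_xattr "*) echo "OK   vfs objects includes acl_xattr" ;;
        *) echo "FAIL vfs objects lacks acl_xattr"; rc=1 ;;
    esac
    for key in 'map acl inherit' 'store dos attributes'; do
        case $(conf_get "$conf" global "$key" | tr 'A-Z' 'a-z') in
            yes|true|1) echo "OK   $key enabled" ;;
            *) echo "FAIL $key not enabled"; rc=1 ;;
        esac
    done
    for tool in getfacl getfattr; do          # from the 'acl' and 'attr' packages
        command -v "$tool" >/dev/null 2>&1 || echo "WARN $tool not found"
    done
    dir=$(conf_get "$conf" "$share" path)
    [ -d "$dir" ] || { echo "FAIL [$share] path '$dir' is not a directory"; return 1; }
    mode=$(stat -c %a "$dir")                 # e.g. 770 or 755
    echo "INFO $dir owner=$(stat -c %U "$dir") group=$(stat -c %G "$dir") mode=$mode"
    if [ $(( 0$mode & 020 )) -eq 0 ]; then    # group write bit, set by chmod 0770
        echo "FAIL mode $mode gives the group no write access"; rc=1
    fi
    return $rc
}

# Constructed demo: the thread's [Demo] share pointed at a temp directory.
d=$(mktemp -d); chmod 0755 "$d"
printf '[global]\nvfs objects = acl_xattr\nmap acl inherit = yes\nstore dos attributes = yes\n[Demo]\npath = %s\nread only = no\n' "$d" > "$d/smb.conf"
check_share "$d/smb.conf" Demo || echo "=> not ready for Windows ACLs"
chmod 0770 "$d"; check_share "$d/smb.conf" Demo && echo "=> ready"; rm -rf "$d"
```

On a real server, run `check_share /etc/samba/smb.conf Demo` as root and compare the INFO line with the `chown root:"Domain Admins"` and `chmod 0770` steps quoted above.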

