[Samba] Problem with rights in samba 4.9.0

Gabriel O. Franca gabriel.franca at gmail.com
Tue Oct 30 18:59:34 UTC 2018


Hi Rowland,

Thanks for the explanation!

I will make the change tonight and test with the client tomorrow morning.

As soon as I test, I will come back and report whether it worked or not.

Regards,

Gabriel Franca

----- Original message -----

From: "Rowland Penny via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Sent: Tuesday, 30 October 2018 15:21:37
Subject: Re: [Samba] Problem with rights in samba 4.9.0

On Tue, 30 Oct 2018 14:51:32 -0300 (BRT) 
"Gabriel O. Franca via samba" <samba at lists.samba.org> wrote: 

> Good afternoon everyone,
>
> I have a problem that I cannot solve. I have installed Samba 4.9.0
> on CentOS 7.5 using XFS.
>
> In the DPTO share I have the departmental folders, which I gave the
> rights to the groups.
>
> The problem:
>
> When a user creates a file within some sub-folders, the group's rights
> do not arrive in the file; it is read-only.
>
> When the user accesses a website and downloads the file directly to
> the share, nobody in the group can access that file, and when I go
> through Windows, right-click and access the Security tab, it
> closes.
>
> I need some help to understand how to use ACLs and give rights
> correctly.
>
> The smb.conf follows:
>
> # Global parameters 
> [global] 
> netbios name = SAMBA 
> realm = NOIR.CORP 
> server role = active directory domain controller 
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = NOIR
> ldap server require strong auth = no 
> idmap_ldb:use rfc2307 = yes 
> vfs objects = recycle acl_xattr 

Remove 'acl_xattr'; it is built in on a DC.

> map acl inherit = Yes 
> store dos attributes = Yes 

Same goes for the above two lines. 

> recycle:keeptree = yes 
> recycle:versions = yes 
> recycle:repository = /dados/trash/%U 
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso 
> recycle:exclude_dir = tmp, cache 
> 
> [dpto] 
> path = /dados/dpto 
> read only = No 
> hide unreadable = yes 
> hide unwriteable files = yes 
> # Block media file extensions in Samba
> # veto files = /*.mp3/*.nws/*.{*}/*.avi/*.mpeg/*.mpg/*.wma/*.wmv/*.exe
> # Do not try to take a lock on these files
> veto oplock files = /*.doc/*.xls/*.mdb/*.docx/*.DOC/*.DOCX/*.XLSX/*.xlsx/*.rtf/*.RTF/

Your main problem is that you are using a DC as a fileserver and are
trying to set it up as if it is a fileserver; this doesn't work.
You need to use Windows ACLs. For more info, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs 

Rowland 
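
The three removals suggested in the reply above can be checked mechanically before restarting Samba. The following Python sketch is an added example, not part of the thread or of Samba itself; the function names and the reduced sample configuration are constructed, and it assumes the `server role` spelling used in the post and no backslash line continuations.

```python
import re

# Per the reply above: on a DC these are built in and should be removed.
DC_BUILTIN_PARAMS = ("map acl inherit", "store dos attributes")
DC_BUILTIN_VFS = "acl_xattr"
DC_ROLE = "active directory domain controller"  # spelling used in the post

# Constructed sample, reduced from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
    server role = active directory domain controller
    vfs objects = recycle acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
[dpto]
    path = /dados/dpto
"""

def norm(name):  # smb.conf ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return {section: {normalised param: (line number, value)}}."""
    sections, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = (no, value.strip())
    return sections

def dc_findings(text):
    """List (line, section, setting) entries that are redundant on a DC."""
    conf = parse(text)
    role = conf.get("global", {}).get(norm("server role"), (0, ""))[1]
    if " ".join(role.lower().split()) != DC_ROLE:
        return []  # not a DC: the reply's advice does not apply
    findings = []
    for section, params in conf.items():
        for name in DC_BUILTIN_PARAMS:
            if norm(name) in params:
                findings.append((params[norm(name)][0], section, name))
        no, value = params.get(norm("vfs objects"), (0, ""))
        if DC_BUILTIN_VFS in re.split(r"[,\s]+", value):
            findings.append((no, section, "vfs objects: " + DC_BUILTIN_VFS))
    return sorted(findings)
```

Calling `dc_findings()` on the text of an smb.conf returns one tuple per line to remove, or an empty list when the server is not configured as a DC.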
