[Samba] Computer Management - Share Security - No Read Access
Marco Shmerykowsky
marco at sce-engineers.com
Tue Feb 19 21:42:44 UTC 2019
---
Marco J. Shmerykowsky, P.E.
marco at sce-engineers.com
--------------------------------------------
Shmerykowsky Consulting Engineers
Structural Analysis & Design
102 West 38th Street, 2nd Floor
New York, New York 10018
Tel. (212)719-9700 Fax. (212)719-4822
http://www.sce-engineers.com
--------------------------------------------
On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
> On Tue, 19 Feb 2019 16:13:27 -0500
> Marco Shmerykowsky <marco at sce-engineers.com> wrote:
>
>>
>> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
>> > On Tue, 19 Feb 2019 15:25:51 -0500
>>
>> >> What exactly does "START AGAIN" imply? Just chmod?
>> >
>> > 'ls' shows the correct ownership and Unix permissions:
>> >
>> > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13
>> > programs
>> >
>> > But 'getfacl' show something different:
>> >
>> > getfacl: Removing leading '/' from absolute path names
>> > # file: server
>> > # owner: root
>> > # group: root
>> > user::rwx
>> > group::r-x
>> > other::r-x
>> >
>> > So what I am suggesting is that you use 'setfacl' to remove the
>> > extended ACL's, it is the only thing I can see different between my
>> > working system and your non-working system
>> >
>> > Rowland
>>
>> root at machine253:/server# setfacl -b /server/users
>>
>> root at machine253:/server# chmod 0770 /server/programs
>> root at machine253:/server# ls -l
>> total 20
>> drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs
>>
>>
>> root at machine253:/server# getfacl /server/programs
>> getfacl: Removing leading '/' from absolute path names
>> # file: server/programs
>> # owner: root
>> # group: domain\040admins
>> user::rwx
>> group::rwx
>> other::---
>>
>> No Change
>
> When you say 'No Change' I take it you mean that it is still not
> working from Windows, because there is a change on the Unix side,
> 'Domain Admins' now has the required Unix permissions.
Correct. In Computer Manager I can not access anything on the
share except for the share permissions.
I've also been trying to create "user directory" using %LogonUser%
via a group profile. That deosn't seem to be working, but I don't
know if it's related.
>
> One other thing, I cannot remember asking if Apparmor or Selinux is
> installed and enabled.
>
> Rowland
I tried sestatus and apparmor_status and bith returned 'command not
found'
so I assume they're not running. I installed Debian 9 from the LiveCD
with the cinnamon desktop.
More information about the samba
mailing list