[Samba] Computer Management - Share Security - No Read Access
L.P.H. van Belle
belle at bazuin.nl
Tue Feb 19 22:30:10 UTC 2019
I suggest you start with :
1770 /server (+ creator owner )
3770 /server/programs ( + creator owner + creator group. )
Then check again with getfacl
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Shmerykowsky via samba
> Verzonden: dinsdag 19 februari 2019 23:13
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Computer Management - Share Security -
> No Read Access
>
>
> >> On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
> >> > On Tue, 19 Feb 2019 16:13:27 -0500
> >> > Marco Shmerykowsky <marco at sce-engineers.com> wrote:
> >> >
> >> >>
> >> >> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
> >> >> > On Tue, 19 Feb 2019 15:25:51 -0500
> >> >>
> >> >> >> What exactly does "START AGAIN" imply? Just chmod?
> >> >> >
> >> >> > 'ls' shows the correct ownership and Unix permissions:
> >> >> >
> >> >> > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13
> >> >> > programs
> >> >> >
> >> >> > But 'getfacl' show something different:
> >> >> >
> >> >> > getfacl: Removing leading '/' from absolute path names
> >> >> > # file: server
> >> >> > # owner: root
> >> >> > # group: root
> >> >> > user::rwx
> >> >> > group::r-x
> >> >> > other::r-x
> >> >> >
> >> >> > So what I am suggesting is that you use 'setfacl' to
> remove the
> >> >> > extended ACL's, it is the only thing I can see
> different between
> >> >> > my working system and your non-working system
> >> >> >
> >> >> > Rowland
> >> >>
> >> >> root at machine253:/server# setfacl -b /server/users
> >> >>
> >> >> root at machine253:/server# chmod 0770 /server/programs
> >> >> root at machine253:/server# ls -l
> >> >> total 20
> >> >> drwxrwx--- 4 root domain admins 4096 Feb 17
> 19:13 programs
> >> >>
> >> >>
> >> >> root at machine253:/server# getfacl /server/programs
> >> >> getfacl: Removing leading '/' from absolute path names
> >> >> # file: server/programs
> >> >> # owner: root
> >> >> # group: domain\040admins
> >> >> user::rwx
> >> >> group::rwx
> >> >> other::---
> >> >>
> >> >> No Change
> >> >
> >> > When you say 'No Change' I take it you mean that it is still not
> >> > working from Windows, because there is a change on the Unix side,
> >> > 'Domain Admins' now has the required Unix permissions.
> >>
> >> Correct. In Computer Manager I can not access anything on the
> >> share except for the share permissions.
> >>
> >> I've also been trying to create "user directory" using %LogonUser%
> >> via a group profile. That deosn't seem to be working, but I don't
> >> know if it's related.
> >> >
> >> > One other thing, I cannot remember asking if Apparmor or
> Selinux is
> >> > installed and enabled.
> >> >
> >> > Rowland
> >>
> >> I tried sestatus and apparmor_status and bith returned 'command not
> >> found'
> >> so I assume they're not running. I installed Debian 9
> from the LiveCD
> >> with the cinnamon desktop.
> >
> > OK, it is late here, but just in case something has
> changed, I will set
> > up a new Debian 9 VM tommorrow, install the distro Samba
> Packages and
> > follow the Samba wiki page.
> >
> > Can you confirm that you are using Samba from Debian 9.
> > You seem to be using '/server' as the shared directory, is this
> > correct ?
> > What Windows version are you using ? (I know you may have
> already said,
> > but it saves me looking it up)
> >
> > Rowland
>
> Debian 9 -> uname -r -> 4.9.0-8-686
>
> This is the iso I used:
> https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hy
brid/debian-live-9.8.0-amd64-cinnamon.iso
>
> Windows 10 (version 1803)
>
> The file directory for the various shares is '/server'
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list