[Samba] Computer Management - Share Security - No Read Access

Marco Shmerykowsky marco at sce-engineers.com
Tue Feb 19 23:27:14 UTC 2019


I'm getting an inkling on the problem.

In my OLD WinNT style Domain setup, I copies all my
files to another windows machine.  I then setup the
new server and once I established a connection which
I thought was stable, I copied all the files back
to the new server on the AD Domain.

I strongly suspect that the problem has to do with
the resulting ACLs and permissions from copying between
the two domains.



On 2019-02-19 5:30 pm, L.P.H. van Belle wrote:
> I suggest you start with :
> 1770 /server	(+ creator owner )
> 3770 /server/programs ( + creator owner + creator group. )
> 
> Then check again with getfacl
> 
> 
> Greetz,
> 
> Louis
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Marco Shmerykowsky via samba
>> Verzonden: dinsdag 19 februari 2019 23:13
>> Aan: Rowland Penny
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Computer Management - Share Security -
>> No Read Access
>> 
>> 
>> >> On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
>> >> > On Tue, 19 Feb 2019 16:13:27 -0500
>> >> > Marco Shmerykowsky <marco at sce-engineers.com> wrote:
>> >> >
>> >> >>
>> >> >> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
>> >> >> > On Tue, 19 Feb 2019 15:25:51 -0500
>> >> >>
>> >> >> >> What exactly does "START AGAIN" imply? Just chmod?
>> >> >> >
>> >> >> > 'ls' shows the correct ownership and Unix permissions:
>> >> >> >
>> >> >> > drwxrwx---+  4 root          domain admins 4096 Feb 17 19:13
>> >> >> > programs
>> >> >> >
>> >> >> > But 'getfacl' show something different:
>> >> >> >
>> >> >> > getfacl: Removing leading '/' from absolute path names
>> >> >> > # file: server
>> >> >> > # owner: root
>> >> >> > # group: root
>> >> >> > user::rwx
>> >> >> > group::r-x
>> >> >> > other::r-x
>> >> >> >
>> >> >> > So what I am suggesting is that you use 'setfacl' to
>> remove the
>> >> >> > extended ACL's, it is the only thing I can see
>> different between
>> >> >> > my working system and your non-working system
>> >> >> >
>> >> >> > Rowland
>> >> >>
>> >> >> root at machine253:/server# setfacl -b /server/users
>> >> >>
>> >> >> root at machine253:/server# chmod 0770 /server/programs
>> >> >> root at machine253:/server# ls -l
>> >> >> total 20
>> >> >> drwxrwx--- 4 root          domain admins 4096 Feb 17
>> 19:13 programs
>> >> >>
>> >> >>
>> >> >> root at machine253:/server# getfacl /server/programs
>> >> >> getfacl: Removing leading '/' from absolute path names
>> >> >> # file: server/programs
>> >> >> # owner: root
>> >> >> # group: domain\040admins
>> >> >> user::rwx
>> >> >> group::rwx
>> >> >> other::---
>> >> >>
>> >> >> No Change
>> >> >
>> >> > When you say 'No Change' I take it you mean that it is still not
>> >> > working from Windows, because there is a change on the Unix side,
>> >> > 'Domain Admins' now has the required Unix permissions.
>> >>
>> >> Correct.  In Computer Manager I can not access anything on the
>> >> share except for the share permissions.
>> >>
>> >> I've also been trying to create "user directory" using %LogonUser%
>> >> via a group profile.  That deosn't seem to be working, but I don't
>> >> know if it's related.
>> >> >
>> >> > One other thing, I cannot remember asking if Apparmor or
>> Selinux is
>> >> > installed and enabled.
>> >> >
>> >> > Rowland
>> >>
>> >> I tried sestatus and apparmor_status and bith returned 'command not
>> >> found'
>> >> so I assume they're not running.  I installed Debian 9
>> from the LiveCD
>> >> with the cinnamon desktop.
>> >
>> > OK, it is late here, but just in case something has
>> changed, I will set
>> > up a new Debian 9 VM tommorrow, install the distro Samba
>> Packages and
>> > follow the Samba wiki page.
>> >
>> > Can you confirm that you are using Samba from Debian 9.
>> > You seem to be using '/server' as the shared directory, is this
>> > correct ?
>> > What Windows version are you using ? (I know you may have
>> already said,
>> > but it saves me looking it up)
>> >
>> > Rowland
>> 
>> Debian 9 -> uname -r -> 4.9.0-8-686
>> 
>> This is the iso I used:
>> https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hy
> brid/debian-live-9.8.0-amd64-cinnamon.iso
>> 
>> Windows 10 (version 1803)
>> 
>> The file directory for the various shares is '/server'
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> 



More information about the samba mailing list