[Samba] cannot set filesystem permissions on shares
Rowland penny
rpenny at samba.org
Tue Jul 2 12:02:52 UTC 2019
On 02/07/2019 12:38, Pisch Tamás via samba wrote:
>>> Hi,
>>>
>>> I would like to set filesystem permissions on shares (users, at the
>>> moment) with Windows 10 (1809).
>>> On the Samba side, the filesystem is ext4. I tested the extended
>>> attributes usability with setfattr/getfattr, and setfacl/getfacl, and
>>> they work.
>>> I set the followings in smb.conf:
>>> [global]
>>> vfs objects = acl_xattr
>>> map acl inherit = yes
>>> store dos attributes = yes
>>> ...
>>>
>>> [users]
>>> path = /home/users
>>> read only = no
>>>
>>> And:
>>> chown root:"Domain Admins" /home/users
>>> chmod 0770 /home/users
>>>
>>> I gave SeDiskOperatorPrivilege to the Administrator user (I don't
>>> understand, why he doesn't have it default) on dc1, and on the file
>>> server too.
>>>
>>> On Windows, I can connect to the Samba file server, with computer
>>> management (it connects immediately, but, when I click on the system
>>> tools, it gives me an error message: SRV cannot connect... When I
>>> click on the ok, it connects after all). I can see shares in Shared
>>> folders/Shares. I can set share permissions, but on the security tab,
>>> I see that I need read permission for the object. When I click on
>>> Special button, the situation is similar: I don't have permission for
>>> the object.
>>> What additional settings I need, what should I check?
>>>
>> Can you start by posting your entire smb.conf
> Yes:
>
> [global]
> bind interfaces only = Yes
> dos charset = CP852
> interfaces = lo enp0s3
> log file = /var/log/samba/%m.log
> log level = 1
> name resolve order = wins bcast
> realm = A.B.HU
> security = ADS
> template homedir = /home/users/%U
> template shell = /bin/bash
> unix charset = UTF8
> username map = /etc/samba/user.map
> wins server = 192.168.0.4
> workgroup = A
> idmap config a : range = 10000-999999
> idmap config a : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> create mask = 0770
> csc policy = disable
> directory mask = 0770
> map acl inherit = Yes
> store dos attributes = Yes
> vfs objects = acl_xattr
>
> [users]
> path = /home/users
> read only = No
>
Have you read this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Does '/etc/samba/user.map' contain this:
!root = A\Administrator
The only thing 'wrong' with your smb.conf is the use of 'wins', this
isn't used any more.
Rowland
More information about the samba
mailing list