[Samba] cannot set filesystem permissions on shares

Pisch Tamás pischta at gmail.com
Tue Jul 2 12:49:30 UTC 2019 

> >>> Hi,
> >>>
> >>> I would like to set filesystem permissions on shares (users, at the
> >>> moment) with Windows 10 (1809).
> >>> On the Samba side, the filesystem is ext4. I tested the extended
> >>> attributes usability with setfattr/getfattr, and setfacl/getfacl, and
> >>> they work.
> >>> I set the followings in smb.conf:
> >>> [global]
> >>> vfs objects = acl_xattr
> >>> map acl inherit = yes
> >>> store dos attributes = yes
> >>> ...
> >>>
> >>> [users]
> >>> path = /home/users
> >>> read only = no
> >>>
> >>> And:
> >>> chown root:"Domain Admins" /home/users
> >>> chmod 0770 /home/users
> >>>
> >>> I gave SeDiskOperatorPrivilege to the Administrator user (I don't
> >>> understand, why he doesn't have it default) on dc1, and on the file
> >>> server too.
> >>>
> >>> On Windows, I can connect to the Samba file server, with computer
> >>> management (it connects immediately, but, when I click on the system
> >>> tools, it gives me an error message: SRV cannot connect... When I
> >>> click on the ok, it connects after all). I can see shares in Shared
> >>> folders/Shares. I can set share permissions, but on the security tab,
> >>> I see that I need read permission for the object. When I click on
> >>> Special button, the situation is similar: I don't have permission for
> >>> the object.
> >>> What additional settings I need, what should I check?
> >>>
> >> Can you start by posting your entire smb.conf
> > Yes:
> >
> > [global]
> > bind interfaces only = Yes
> > dos charset = CP852
> > interfaces = lo enp0s3
> > log file = /var/log/samba/%m.log
> > log level = 1
> > name resolve order = wins bcast
> > realm = A.B.HU
> > security = ADS
> > template homedir = /home/users/%U
> > template shell = /bin/bash
> > unix charset = UTF8
> > username map = /etc/samba/user.map
> > wins server = 192.168.0.4
> > workgroup = A
> > idmap config a : range = 10000-999999
> > idmap config a : backend = rid
> > idmap config * : range = 3000-7999
> > idmap config * : backend = tdb
> > create mask = 0770
> > csc policy = disable
> > directory mask = 0770
> > map acl inherit = Yes
> > store dos attributes = Yes
> > vfs objects = acl_xattr
> >
> > [users]
> > path = /home/users
> > read only = No
> >
> Have you read this:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Yes.

> Does '/etc/samba/user.map' contain this:
>
> !root = A\Administrator

Yes.

> The only thing 'wrong' with your smb.conf is the use of 'wins', this
> isn't used any more.

Thanks, I changed the necessary parameters.
Problem still exists.

More information about the samba mailing list