[Samba] mixing Windows ACL and POSIX ACL shares on one server?

Matjaz Matjaz matyaz at yahoo.com
Fri Nov 15 01:56:52 UTC 2019 

 
Microsoft Windows [Version 6.1.7600]Copyright (c) 2009 Microsoft Corporation. Vse pravice pridržane.
C:\Users\hp>ping 9.68.67.166
Pinging 9.68.67.166 with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.
Ping statistics for 9.68.67.166:    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\hp>telnet www.example.com 80'telnet' is not recognized as an internal or external command,operable program or batch file.
C:\Users\hp>cd\
C:\>telnet 8.8.8.8 53'telnet' is not recognized as an internal or external command,operable program or batch file.
C:\>cdC:\
C:\>netstat
Active Connections
  Proto  Local Address          Foreign Address        State  TCP    127.0.0.1:53185        hp-PC:8060             SYN_SENT  TCP    192.168.64.100:49230   wl-in-f188:5228        ESTABLISHED  TCP    192.168.64.100:50717   edge-star-shv-01-vie1:https  ESTABLISHED  TCP    192.168.64.100:50977   edge-star-shv-01-vie1:https  ESTABLISHED  TCP    192.168.64.100:53047   104.244.42.2:https     ESTABLISHED  TCP    192.168.64.100:53157   104.244.42.2:https     ESTABLISHED  TCP    192.168.64.100:53158   192.229.233.50:https   ESTABLISHED  TCP    192.168.64.100:53159   104.244.43.131:https   ESTABLISHED  TCP    192.168.64.100:53160   192.229.220.133:https  ESTABLISHED  TCP    192.168.64.100:53164   104.244.42.1:https     ESTABLISHED  TCP    [::1]:2869             hp-PC:53166            TIME_WAIT
C:\>
come on I hit the wall    Dne petek, 15. november 2019 00:10:34 GMT+1 je uporabnik Timothy Brewer via samba <samba at lists.samba.org> napisal:  
 
 Matthias,

I used setfacl to set POSIX and Ad ACLS. Windows users who are in the
appropriate group can manage perms for both.

Cheers,
Tim

On Thu, Nov 14, 2019 at 3:43 PM Matthias Leopold via samba <
samba at lists.samba.org> wrote:

>
>
> Am 14.11.19 um 23:03 schrieb Jeremy Allison via samba:
> > On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba
> wrote:
> >> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote:
> >>> Hi,
> >>>
> >>> I posted a similar question in 2018 with no answers, so I'll try
> >>> again:
> >>> Is it possible to have shares with Windows ACLs and shares with
> >>> POSIX
> >>> ACLs on the same server (security = user)? Since share permissions
> >>> are
> >>> handled differently for both types of shares I'm not sure if this
> >>> will
> >>> work. I know I could try it out myself, but the question again just
> >>> came
> >>> to my mind and I think there will be clear answer by someone who
> >>> knows.
> >>
> >> Yes, use acl_xattr to store the windows acl if you want that handled
> >> faithfully.  The last ACL to be set will win.
> >>
> >> If you set a POSIX ACL then any windows ACL that has been set will be
> >> ignored.  If you set a windows ACL on the same file then it will be
> >> translated into posix and also stored.
> >>
> >> So, the idea is that it would 'just work'.
> >
> > Yep, +1 Andrew, that's the way it's meant to work (was
> > designed that way). There might be some tricky corner
> > cases but mostly this is the way most Samba installs
> > use ACLs.
> >
>
> thank you. you are all focusing on ACLs, I'm rather sure they will work,
> my concern is rather management of share permissions. will
> share_info.tdb (Windows ACL share) work alongside with "valid users"
> (POSIX ACL share)?
>
> Matthias
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Tim Brewer
Field Services Tech - ETS FS region 2
Wyoming Department of Enterprise Technology Services
2020 Grand Ave.
Laramie, WY 82070
tim.brewer at wyo.gov
website:  ets.wyo.gov
Support:  307-777-5000
Direct Line:  307-343-3183

Ensuring Wyoming has trailblazing technology to meet tomorrows challenges
while delivering the finest in business services today.

-- 

E-Mail to and from me, in connection with the transaction 
of public 
business, is subject to the Wyoming Public Records 
Act and may be 
disclosed to third parties.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list