[Samba] editing samba-share ACLs etc from Windows
Stefan G. Weichinger
lists at xunil.at
Thu Oct 20 11:04:11 UTC 2022
Am 20.10.22 um 11:13 schrieb Rowland Penny via samba:
>> # Use settings from AD for login shell and home directory
>> winbind nss info = template
>
> That is interesting, mainly because you are using the idmap 'rid'
> backend, you can only use rfc2307 attributes from AD if you use the
> idmap 'ad' backend, so you might as well remove those two lines.
>
>> template shell = /bin/bash
>> template homedir = /mnt/samba/Daten/%U
The lines above or below your comment?
>> # ACLs
>> store dos attributes = Yes
>> map acl inherit = Yes
>> #vfs objects = acl_xattr full_audit
>> vfs objects = acl_xattr
>>
>> # Audit settings
>> full_audit:prefix = %u|%I|%m|%S
>> full_audit:failure = connect
>> full_audit:success = mkdir rmdir read pread write pwrite rename unlink
>> full_audit:facility = local5
>> full_audit:priority = notice
>>
>
> You might as well comment out the audit settings, you are not using them.
Sure, understood. Disabled that a while ago.
>> [daten]
>> comment = Daten
>> path = /mnt/samba/
>> read only = No
>> create mask = 0775
>> directory mask = 02775
>> force directory mode = 0775
>> #wide links = yes
>> #veto oplock files = /*.DAT/*.dat/
>> #oplocks = False
>> #level2 oplocks = False
>>
>
> OK, where does it say to add all those extra lines to the share ? It
> certainly doesn't say it here:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
As mentioned: historic and grown config ...
> You didn't post the share permissions I asked for, is it possible you
> can do so ?
Where do I take these from?
thanks
More information about the samba
mailing list