[Samba] editing samba-share ACLs etc from Windows

Rowland Penny rpenny at samba.org
Thu Oct 20 11:14:14 UTC 2022 


On 20/10/2022 12:04, Stefan G. Weichinger via samba wrote:
> Am 20.10.22 um 11:13 schrieb Rowland Penny via samba:
> 
>>> # Use settings from AD for login shell and home directory
>>> winbind nss info = template
>>
>> That is interesting, mainly because you are using the idmap 'rid' 
>> backend, you can only use rfc2307 attributes from AD if you use the 
>> idmap 'ad' backend, so you might as well remove those two lines.
>>
>>> template shell = /bin/bash
>>> template homedir = /mnt/samba/Daten/%U
> 
> The lines above or below your comment?

The lines 'above', I would have said 'these' if I meant the lines 
'below', unless I was having another senior moment :-D

> 
>>> # ACLs
>>>      store dos attributes = Yes
>>>      map acl inherit = Yes
>>>      #vfs objects = acl_xattr full_audit
>>>      vfs objects = acl_xattr
>>>
>>> # Audit settings
>>> full_audit:prefix = %u|%I|%m|%S
>>> full_audit:failure = connect
>>> full_audit:success = mkdir rmdir read pread write pwrite rename unlink
>>> full_audit:facility = local5
>>> full_audit:priority = notice
>>>
>>
>> You might as well comment out the audit settings, you are not using them.
> 
> Sure, understood. Disabled that a while ago.
> 
>>> [daten]
>>>      comment = Daten
>>>      path = /mnt/samba/
>>>      read only = No
>>>      create mask = 0775
>>>      directory mask = 02775
>>>      force directory mode = 0775
>>>      #wide links = yes
>>>      #veto oplock files = /*.DAT/*.dat/
>>>      #oplocks = False
>>>      #level2 oplocks = False
>>>
>>
>> OK, where does it say to add all those extra lines to the share ? It 
>> certainly doesn't say it here:
>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> 
> As mentioned: historic and grown config ...

I suggest you add a 'test' share following the wikipage I pointed to 
earlier and see if that works.

> 
>> You didn't post the share permissions I asked for, is it possible you 
>> can do so ?
> 
> Where do I take these from?
> 

ls -ld /mnt/samba

Rowland

More information about the samba mailing list