[Samba] permission denied with windows acls
Rowland Penny
rpenny at samba.org
Mon Jan 29 21:08:26 UTC 2024
On Mon, 29 Jan 2024 12:51:37 -0800
Peter Carlson via samba <samba at lists.samba.org> wrote:
>
> Just did a quick test, the big T comes after setting permissions in
> windows
>
> root at fs1:/var/log# cd /data
> root at fs1:/data# mkdir -m 1777 test2
No it doesn't, you are setting it.
I set the permissions on the share directory like this:
mkdir -p /srv/mtest1
chown root:"Domain Admins" /srv/mtest1
chmod 0770 /srv/mtest1
Which is what it shows here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> root at fs1:/data# chown root:"CARLSON\\domain admins" test2
> root at fs1:/data# vi /etc/samba/smb.conf
> root at fs1:/data# systemctl restart smbd.service
> root at fs1:/data# ls -ald /data/*
> drwxrwx--T+ 4 root CARLSON\domain admins 4096 Jan 26 16:13 /data/test
> drwxrwxrwt 2 root CARLSON\domain admins 4096 Jan 29 20:43 /data/test2
No, I take it back (slightly), you set the permissions with 't' (which
shows the sticky bit is set) and then when you change the permissions
from Windows, acl_xattr removes the 'rwx' from 'others', this changes
the 't' to a 'T'
At least that is what I think is happening.
The cure, stop setting the permissions to '1777' in the first place,
use '0770'
Rowland
More information about the samba
mailing list