PS: smbcacl doesn't work for me

Zoltan Bogdan zoltan.bogdan at t-online.de
Sat Oct 5 15:50:01 GMT 2002 

Am Fre, 2002-10-04 um 18.57 schrieb Steve Langasek:

    On Fri, Oct 04, 2002 at 06:48:55PM +0200, Zoltan Bogdan wrote:
    > Am Don, 2002-10-03 um 23.43 schrieb Zoltan Bogdan:
    
    >     Hi, 
    >     I share an XFS-volume via samba 2.2.4. 
    
    >     fetching the acls works like the following for me: 
    
    >     -------------------------------------------- 
    >     hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan 
    >     Password: 
    >     REVISION:1 
    >     OWNER:TOGO\hzbogdan 
    >     GROUP:TOGO\users 
    >     ACL:TOGO\hzbogdan:ALLOWED//RW 
    >     ACL:TOGO\users:ALLOWED//R 
    >     ACL:\Everyone:ALLOWED//R 
    >     --------------------------------------------- 
    
    >     When I try to set - or rather modify - the Acl for the group
    >     "users", I get strange results: 
    
    >     --------------------------------------------- 
    >     hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan
    >     -M ACL:TOGO\users:0/0/W 
    >     Password: 
    >     Failed to parse ACL ACL:TOGOusers 
    >     -------------------------------------------- 
    
    >     Using various substitutions for type/flags/mask Values didn't get
    >     better results. 
    
    >     Could someone provide some help? 
    
    You haven't escaped your strings to make them shell-safe.  The shell eats
    the backslash, and smbcacls only sees 'ACL:TOGOusers' instead of
    'ACL:TOGO\users'.
    
    I also don't know for sure if names in ACLs are supported by smbcacls in
    2.2.  If so, you definitely need to handle that backslash:
    
      smbcacls //hermes/xfs-share test -U TOGO/hzbogdan -M ACL:TOGO\\users:0/0/W
    
    or
    
      smbcacls //hermes/xfs-share test -U TOGO/hzbogdan -M 'ACL:TOGO\users:0/0/W'
    
    HTH,
    
    Steve Langasek
    postmodern programmer

Hi Steve,
thanks for your hint.
Not escaping special characters is a quite silly fault and i'm a little
embarrassed.
Unfortunately escaping didn't work either - so you're probably right
assuming that names are not supported.
Do you know where I get the hex code for the NT-ACLs ?


Here's another strange thing I expierienced playing arround with
smbcacls:
The output calling smbacls locally is different from the output I get if
I call it in an ssh session:

locally:
-------------------------------------------------------------------------------------------------
linux:/data # smbcacls //linux/testXFS  test -U TESTNET/testuser -M
ACL:TESTNET\\users:0/0/RW
<snip>
lsa_io_sec_qos: length c does not match size 8
Failed to parse ACL ACL:TESTNET\users
----------------------------------------------------------------------------------------------------

remote:
-------------------------------------------------------------------------------------------------
linux:/data # smbcacls //linux/testXFS test -U TESTNET/testuser -A
ACL:TESTNET\\users:0/0/RW
<snip>
Failed to parse security descriptor
-------------------------------------------------------------------------------------------------

bye 
z.

 
Zoltan Bogdan

Zoltan Bogdan - Linux SystemIntegration
Kreutzerstr. 71 D-90439 Nürnberg
Tel. +49 (0)911 929 191 25
Fax +49 (0)911 929 191 26
Mobil +49 (0)175 521 705 4
Zoltan.Bogdan at t-online.de

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-technical mailing list