samba - May 2004 - Samba 2.2.8a - winbind do I need ACL for letting users change their file permissions?

Hi,

I have a working installation of Samba 2.2.8a on Mandrake 9.2 - kernel
2.4.20 connected to a Win NT 4.0 sp6 via pam/winbind.
 

Everything works fine except that I cannot give the NT user
"administrator"
administrative rights on samba and users cannot change samba file
permissions from Win2k/WinXP

 

Here follows my smb.conf

 

# Samba config file created using SWAT

# from 0.0.0.0 (0.0.0.0)

# Date: 2004/04/28 11:35:22

 

# Global parameters

[global]

            workgroup = DOMAIN

            netbios name = SAMBA

            server string = Samba Server %v

            security = DOMAIN

            encrypt passwords = Yes

            obey pam restrictions = Yes

            password server = *

            log file = /var/log/samba/log.%m

            max log size = 50

            socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

            character set = ISO8859-15

            os level = 18

            local master = No

            dns proxy = No

            winbind uid = 10000-20000

            winbind gid = 10000-20000

            template homedir = /users/%D/home/%U

            template shell = /bin/bash

            winbind separator = /

            winbind use default domain = Yes

            path = /home

            admin users = Administrator

 

[homes]

            path = /users/DOMAIN/home

            read only = No

            create mask = 0600

            directory mask = 0700

            browseable = No

            wide links = No

 

[felles]

            path = /users/DOMAIN/felles

        read only = No

            valid users = @"Domain Users", at
Domain_Ansatte,@"Domain
Admins"

            force create mode = 0775

            force directory mode = 0775

 

 

I was wondering if there is a simple solution to this problem or if I have
to apply the ACL patch to kernel 2.4.20  

 

Thank you in advance,

Stefano

On Tue, 11 May 2004, Stefano Ciccarelli wrote:
> Hi,
> 
> I have a working installation of Samba 2.2.8a on Mandrake 9.2 - kernel
> 2.4.20 connected to a Win NT 4.0 sp6 via pam/winbind.
>  
IIRC, Mandrake 9.2 shipped with a 2.4.22 kernel? If you'vekep up with 
updates, you should be running 2.4.22-30mdk.
> 
> Everything works fine except that I cannot give the NT user
"administrator"
> administrative rights on samba and users cannot change samba file
> permissions from Win2k/WinXP
> 
You could use the "admin users" per-share parameter to give someusers 
"root" access.
>  
> 
> Here follows my smb.conf
> 
>  
> 
> # Samba config file created using SWAT
> 
> # from 0.0.0.0 (0.0.0.0)
> 
> # Date: 2004/04/28 11:35:22
> 

Hmm, another SWAT-mangled smb.conf. Please look at the provided example 
winbind samba configuration file, /etc/samba/smb-winbind.conf for some 
examplesfor use with winbind.
>  
> 
> # Global parameters
> 
> [global]
> 
>             workgroup = DOMAIN
> 
>             netbios name = SAMBA
> 
>             server string = Samba Server %v
> 
>             security = DOMAIN
> 
>             encrypt passwords = Yes
> 
>             obey pam restrictions = Yes
> 
>             password server = *
> 
>             log file = /var/log/samba/log.%m
> 
>             max log size = 50
> 
>             socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 
>             character set = ISO8859-15
> 
>             os level = 18
> 
>             local master = No
> 
>             dns proxy = No
> 
>             winbind uid = 10000-20000
> 
>             winbind gid = 10000-20000
> 
>             template homedir = /users/%D/home/%U
> 
>             template shell = /bin/bash
> 
>             winbind separator = /
> 
>             winbind use default domain = Yes
> 
>             path = /home
> 
>             admin users = Administrator
> 
>  
> 
> [homes]
> 
>             path = /users/DOMAIN/home
> 
>             read only = No
> 
>             create mask = 0600
> 
>             directory mask = 0700
> 
>             browseable = No
> 
>             wide links = No
> 
>  
This share definition is broken. The homes share is special. Please take a 
look at the one in the example.
> 
> [felles]
> 
>             path = /users/DOMAIN/felles
> 
>         read only = No
> 
>             valid users = @"Domain Users", at
Domain_Ansatte,@"Domain
> Admins"
> 
>             force create mode = 0775
> 
>             force directory mode = 0775
> 
>  
> 
>  
> 
> I was wondering if there is a simple solution to this problem or if I have
> to apply the ACL patch to kernel 2.4.20  

IIRC, the 9.2 kernels should have ACL support already (at least on 
ext2/ext3), 9.1 had support for ACLs on XFS/ext2/ext3, 9.0 had support on 
XFS, and 8.2 had support on XFS. But, if permissions aren't working (users 
should be able to modify the permissions of files they own), then ACLs 
won't help you much (as only the owner or root can change ACLs).

Of course, also ensure that your permissions changes aren't being 
prevented by your share definitions.

Regards,
Buchan