On Fri, 26 Jan 2018 14:18:53 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Fri, 26 Jan 2018 14:10:40 +0100 > Micha Ballmann <ballmann at uni-landau.de> wrote: > > > To set share windows permissions and windows acl i login on a > > windows 7 computer with the administrator user.|Open ||Computer > > Management and connect to the fileserver. when im trying now to set > > acl i ve no permissions.||||||| > > > > Well, I couldn't understand why it wasn't working, so I fired up a VM > running win7 and guess what, it doesn't work for me either, it did, > but it doesn't now :-( > > I will get back to you. > > Rowland >OK, I found out why it wasn't working, I was connecting to a share that belonged to 'root:root' with 'drwxr-xr-x' permissions. I created a new share: [data] path = /home/testdata read only = no mkdir /home/testdata getfacl /home/testdata shows this: getfacl: Removing leading '/' from absolute path names # file: home/testdata # owner: rowland # group: domain\040users user::rwx user:root:rwx group::--- group:root:--- group:2004:r-x group:2005:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::--- default:group:root:--- default:group:2004:r-x default:group:2005:rwx default:mask::rwx default:other::--- Change the ownership: chown root:Unix\ Admins /home/testdata Now go to the Win7 VM and add 'rowland' back as a user with 'Read & execute, List folder contents and Read' permissions. This worked without error and getfacl now shows: getfacl: Removing leading '/' from absolute path names # file: home/testdata # owner: root # group: unix\040admins user::rwx user:root:rwx user:rowland:r-x group::--- group:root:--- group:2004:r-x group:2005:rwx group:unix\040admins:--- mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:rowland:r-x default:group::--- default:group:root:--- default:group:2004:r-x default:group:2005:rwx default:group:unix\040admins:--- default:mask::rwx default:other::--- Do you have these lines in smb.conf: vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes Are the 'acl' and 'attr' packages installed. Rowland
Hello, i also fired up a new vm :) and configured "rid" backend. I followed all step in https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs. Sett the Attributs in smb.conf: vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes Granting the SeDiskOperatorPrivilege: # net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege -U (successful after trourbleshoting) Adding Share (i just copy and paste the example): # mkdir -p /srv/samba/Demo/ # chown root:"Domain Admins" /srv/samba/Demo/ --> NOW WORKING BECAUSE I SET UP RID BACKEND # chmod 0770 /srv/samba/Demo/ smb.conf [Demo] path = /srv/samba/Demo/ read only = no -> Login to Windows with administrator and connect to FILESERVER via "Computer Management" -> Chosing Demo Share and going to security Tab -> Regarads Micha Am 26.01.2018 um 16:31 schrieb Rowland Penny via samba:> On Fri, 26 Jan 2018 14:18:53 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > >> On Fri, 26 Jan 2018 14:10:40 +0100 >> Micha Ballmann <ballmann at uni-landau.de> wrote: >> >>> To set share windows permissions and windows acl i login on a >>> windows 7 computer with the administrator user.|Open ||Computer >>> Management and connect to the fileserver. when im trying now to set >>> acl i ve no permissions.||||||| >>> >> Well, I couldn't understand why it wasn't working, so I fired up a VM >> running win7 and guess what, it doesn't work for me either, it did, >> but it doesn't now :-( >> >> I will get back to you. >> >> Rowland >> > OK, I found out why it wasn't working, I was connecting to a share that > belonged to 'root:root' with 'drwxr-xr-x' permissions. > > I created a new share: > > [data] > path = /home/testdata > read only = no > > mkdir /home/testdata > > getfacl /home/testdata shows this: > > getfacl: Removing leading '/' from absolute path names > # file: home/testdata > # owner: rowland > # group: domain\040users > user::rwx > user:root:rwx > group::--- > group:root:--- > group:2004:r-x > group:2005:rwx > mask::rwx > other::--- > default:user::rwx > default:user:root:rwx > default:group::--- > default:group:root:--- > default:group:2004:r-x > default:group:2005:rwx > default:mask::rwx > default:other::--- > > Change the ownership: > > chown root:Unix\ Admins /home/testdata > > Now go to the Win7 VM and add 'rowland' back as a user with 'Read & > execute, List folder contents and Read' permissions. This worked > without error and getfacl now shows: > > getfacl: Removing leading '/' from absolute path names > # file: home/testdata > # owner: root > # group: unix\040admins > user::rwx > user:root:rwx > user:rowland:r-x > group::--- > group:root:--- > group:2004:r-x > group:2005:rwx > group:unix\040admins:--- > mask::rwx > other::--- > default:user::rwx > default:user:root:rwx > default:user:rowland:r-x > default:group::--- > default:group:root:--- > default:group:2004:r-x > default:group:2005:rwx > default:group:unix\040admins:--- > default:mask::rwx > default:other::--- > > Do you have these lines in smb.conf: > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > Are the 'acl' and 'attr' packages installed. > > Rowland >
Im sorry last mail was not complete. ... -> Login to Windows with administrator and connect to FILESERVER via "Computer Management" -> Chosing Demo Share and going to security Tab -> Cant set any ACL because, permission denied! Am 27. Januar 2018 11:35:53 MEZ schrieb Micha Ballmann via samba <samba at lists.samba.org>:>Hello, > >i also fired up a new vm :) and configured "rid" backend. I followed >all >step in >https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs. > >Sett the Attributs in smb.conf: > >vfs objects = acl_xattr >map acl inherit = yes >store dos attributes = yes > >Granting the SeDiskOperatorPrivilege: > ># net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege >-U >(successful after trourbleshoting) > >Adding Share (i just copy and paste the example): > ># mkdir -p /srv/samba/Demo/ ># chown root:"Domain Admins" /srv/samba/Demo/ --> NOW WORKING BECAUSE I > >SET UP RID BACKEND ># chmod 0770 /srv/samba/Demo/ > >smb.conf > >[Demo] > path = /srv/samba/Demo/ > read only = no > >-> Login to Windows with administrator and connect to FILESERVER via >"Computer Management" -> Chosing Demo Share and going to security Tab >-> > >Regarads > >Micha > > >Am 26.01.2018 um 16:31 schrieb Rowland Penny via samba: >> On Fri, 26 Jan 2018 14:18:53 +0000 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >> >>> On Fri, 26 Jan 2018 14:10:40 +0100 >>> Micha Ballmann <ballmann at uni-landau.de> wrote: >>> >>>> To set share windows permissions and windows acl i login on a >>>> windows 7 computer with the administrator user.|Open ||Computer >>>> Management and connect to the fileserver. when im trying now to set >>>> acl i ve no permissions.||||||| >>>> >>> Well, I couldn't understand why it wasn't working, so I fired up a >VM >>> running win7 and guess what, it doesn't work for me either, it did, >>> but it doesn't now :-( >>> >>> I will get back to you. >>> >>> Rowland >>> >> OK, I found out why it wasn't working, I was connecting to a share >that >> belonged to 'root:root' with 'drwxr-xr-x' permissions. >> >> I created a new share: >> >> [data] >> path = /home/testdata >> read only = no >> >> mkdir /home/testdata >> >> getfacl /home/testdata shows this: >> >> getfacl: Removing leading '/' from absolute path names >> # file: home/testdata >> # owner: rowland >> # group: domain\040users >> user::rwx >> user:root:rwx >> group::--- >> group:root:--- >> group:2004:r-x >> group:2005:rwx >> mask::rwx >> other::--- >> default:user::rwx >> default:user:root:rwx >> default:group::--- >> default:group:root:--- >> default:group:2004:r-x >> default:group:2005:rwx >> default:mask::rwx >> default:other::--- >> >> Change the ownership: >> >> chown root:Unix\ Admins /home/testdata >> >> Now go to the Win7 VM and add 'rowland' back as a user with 'Read & >> execute, List folder contents and Read' permissions. This worked >> without error and getfacl now shows: >> >> getfacl: Removing leading '/' from absolute path names >> # file: home/testdata >> # owner: root >> # group: unix\040admins >> user::rwx >> user:root:rwx >> user:rowland:r-x >> group::--- >> group:root:--- >> group:2004:r-x >> group:2005:rwx >> group:unix\040admins:--- >> mask::rwx >> other::--- >> default:user::rwx >> default:user:root:rwx >> default:user:rowland:r-x >> default:group::--- >> default:group:root:--- >> default:group:2004:r-x >> default:group:2005:rwx >> default:group:unix\040admins:--- >> default:mask::rwx >> default:other::--- >> >> Do you have these lines in smb.conf: >> >> vfs objects = acl_xattr >> map acl inherit = Yes >> store dos attributes = Yes >> >> Are the 'acl' and 'attr' packages installed. >> >> Rowland >> > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.