samba - Mar 2024 - Linux Mint 21.3 client AD joined OK but no usb working

On Wed, 27 Mar 2024 14:09:52 -0300
"Douglas G. Oechsler" <doguibnu at gmail.com> wrote:
> > > > OK, so I thought about this and I think it is a permissions
> > > > problem. To find out what permissions to apply, we need to
know
> > > > what is set now,
> > > >
> > > > I take it that, after you plug the USB drive in, it is
mounted
> > > > automatically on /media, so what does 'ls -l /media'
show ?
> > > >
> > > > Show this:
> > > The pendrive is plugged
> > >
> > > /media$ ls -l
> > > total 4
> > > drwxr-x---+ 4 root root 4096 mar 27 08:59 douglas-ti
> > > 70920 at douglas-note:/media$
> >
> > That on the face of it is only allowing the 'root' user full
> > permissions on the directory 'douglas-ti' (which I take it the
USB
> > drive) and members of the 'root' group, read and
enter/traverse.
> > There is however the '+' sign on the end of permissions, which
> > signifies that there is an EA in use, so what does 'getfacl
/media'
> > show ?
> >
> > Rowland
> >
> > It shows:
> >
> 
> 70920 at douglas-note:/$ getfacl media
> # file: media
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
> 
>
That shows that anyone can traverse the /media directory to get to the
USB drives below it.

What I didn't notice was that you gave me the permissions for the USB
drive directory ( I asked for 'ls -l /media', you cd'ed into
/media,ran
'ls -l' and gave me the permissions of the USB drive directory)

So can you know give me the output of 'getfacl /media/douglas-ti'

Rowland

PS can you please stop CC'ing me, just reply to the list.

Em qua., 27 de mar. de 2024 ?s 14:34, Rowland Penny via samba <
samba at lists.samba.org> escreveu:
> On Wed, 27 Mar 2024 14:09:52 -0300
> "Douglas G. Oechsler" <doguibnu at gmail.com> wrote:
>
> > > > The pendrive is plugged
> > > >
> > > > /media$ ls -l
> > > > total 4
> > > > drwxr-x---+ 4 root root 4096 mar 27 08:59 douglas-ti
> > > > 70920 at douglas-note:/media$
> > >
> > > That on the face of it is only allowing the 'root' user
full
> > > permissions on the directory 'douglas-ti' (which I take
it the USB
> > > drive) and members of the 'root' group, read and
enter/traverse.
> > > There is however the '+' sign on the end of permissions,
which
> > > signifies that there is an EA in use, so what does 'getfacl
/media'
> > > show ?
> > >
> > > Rowland
> > >
> > > It shows:
> > >
> >
> > 70920 at douglas-note:/$ getfacl media
> > # file: media
> > # owner: root
> > # group: root
> > user::rwx
> > group::r-x
> > other::r-x
> >
> >
>
> That shows that anyone can traverse the /media directory to get to the
> USB drives below it.
>
> What I didn't notice was that you gave me the permissions for the USB
> drive directory ( I asked for 'ls -l /media', you cd'ed into
/media,ran
> 'ls -l' and gave me the permissions of the USB drive directory)
>
> I am sorry!

> So can you know give me the output of 'getfacl /media/douglas-ti'
>
>
70920 at douglas-note:~$ getfacl /media/douglas-ti
# file: media/douglas-ti
# owner: root
# group: root
user::rwx
user:douglas-ti:r-x
group::---
mask::r-x
other::---


Rowland
>
> PS can you please stop CC'ing me, just reply to the list.
>
Right, sorry

>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
*Douglas Giovani Oechsler*
e-mail: doguibnu at gmail.com <douglasgiovani at oechsler.com.br>
*Prudent?polis - PR*