Douglas G. Oechsler
2024-Mar-27 17:45 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Wed, 27 Mar 2024 at 14:34, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Wed, 27 Mar 2024 14:09:52 -0300
> "Douglas G. Oechsler" <doguibnu at gmail.com> wrote:
>
> > > > The pendrive is plugged
> > > >
> > > > /media$ ls -l
> > > > total 4
> > > > drwxr-x---+ 4 root root 4096 mar 27 08:59 douglas-ti
> > > > 70920 at douglas-note:/media$
> > >
> > > That on the face of it is only allowing the 'root' user full
> > > permissions on the directory 'douglas-ti' (which I take it the USB
> > > drive) and members of the 'root' group, read and enter/traverse.
> > > There is however the '+' sign on the end of permissions, which
> > > signifies that there is an EA in use, so what does 'getfacl /media'
> > > show ?
> > >
> > > Rowland
> > >
> > > It shows:
> > >
> >
> > 70920 at douglas-note:/$ getfacl media
> > # file: media
> > # owner: root
> > # group: root
> > user::rwx
> > group::r-x
> > other::r-x
> >
> >
>
> That shows that anyone can traverse the /media directory to get to the
> USB drives below it.
>
> What I didn't notice was that you gave me the permissions for the USB
> drive directory ( I asked for 'ls -l /media', you cd'ed into /media, ran
> 'ls -l' and gave me the permissions of the USB drive directory)
>

I am sorry!

> So can you now give me the output of 'getfacl /media/douglas-ti'
>

70920 at douglas-note:~$ getfacl /media/douglas-ti
# file: media/douglas-ti
# owner: root
# group: root
user::rwx
user:douglas-ti:r-x
group::---
mask::r-x
other::---

> Rowland
>
> PS can you please stop CC'ing me, just reply to the list.
>

Right, sorry

>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

--
*Douglas Giovani Oechsler*
e-mail: doguibnu at gmail.com <douglasgiovani at oechsler.com.br>
*Prudentópolis - PR*
Rowland Penny
2024-Mar-27 18:13 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Wed, 27 Mar 2024 14:45:03 -0300
"Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:

> On Wed, 27 Mar 2024 at 14:34, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> > On Wed, 27 Mar 2024 14:09:52 -0300
> > "Douglas G. Oechsler" <doguibnu at gmail.com> wrote:
> >
> > > > > The pendrive is plugged
> > > > >
> > > > > /media$ ls -l
> > > > > total 4
> > > > > drwxr-x---+ 4 root root 4096 mar 27 08:59 douglas-ti
> > > > > 70920 at douglas-note:/media$
> > > >
> > > > That on the face of it is only allowing the 'root' user full
> > > > permissions on the directory 'douglas-ti' (which I take it the
> > > > USB drive) and members of the 'root' group, read and
> > > > enter/traverse. There is however the '+' sign on the end of
> > > > permissions, which signifies that there is an EA in use, so
> > > > what does 'getfacl /media' show ?
> > > >
> > > > Rowland
> > > >
> > > > It shows:
> > > >
> > >
> > > 70920 at douglas-note:/$ getfacl media
> > > # file: media
> > > # owner: root
> > > # group: root
> > > user::rwx
> > > group::r-x
> > > other::r-x
> > >
> > >
> >
> > That shows that anyone can traverse the /media directory to get to
> > the USB drives below it.
> >
> > What I didn't notice was that you gave me the permissions for the
> > USB drive directory ( I asked for 'ls -l /media', you cd'ed into
> > /media, ran 'ls -l' and gave me the permissions of the USB drive
> > directory)
> >
>
> I am sorry!
>
> > So can you now give me the output of 'getfacl /media/douglas-ti'
> >
>
> 70920 at douglas-note:~$ getfacl /media/douglas-ti
> # file: media/douglas-ti
> # owner: root
> # group: root
> user::rwx
> user:douglas-ti:r-x
> group::---
> mask::r-x
> other::---
>

OK, there doesn't seem to be anything stopping the user 'douglas-ti'
reading & traversing to the USB drive.

In an attempt to understand this, I plugged in a USB drive and guess
what, I am in the same place, I can read and traverse the drive, but I
cannot write to it.

Now thinking about apparmor, could this be stopping writing to the
drive ?

> > Rowland
> >
> > PS can you please stop CC'ing me, just reply to the list.
> >
>
> Right, sorry

No problem, it just makes things easier for me.

Rowland
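
Added example (not part of the original thread, and not code from either poster): a small Python evaluation of the POSIX ACL access-check order from acl(5), run against the `getfacl /media/douglas-ti` output quoted above, to show which entry decides read, write and traverse for a given user. It ignores root's capability override; the group lists and the user name `someone-else` are constructed for illustration.

```python
# Added example: POSIX ACL access check (acl(5) order) over getfacl text.
# Root's capability override (CAP_DAC_OVERRIDE) is deliberately ignored.

# getfacl output as quoted in the thread
GETFACL_OUTPUT = """\
# file: media/douglas-ti
# owner: root
# group: root
user::rwx
user:douglas-ti:r-x
group::---
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, {(tag, qualifier): set of perms})."""
    owner = group = None
    acl = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            acl[(tag, qualifier)] = set(perms[:3]) - {"-"}
    return owner, group, acl

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) is granted every bit in `want`."""
    owner, owning_group, acl = parse_getfacl(text)
    want = set(want)
    mask = acl.get(("mask", ""), set("rwx"))   # no mask entry: nothing is masked
    if user == owner:                           # 1. owner: user:: entry, never masked
        return want <= acl[("user", "")]
    if ("user", user) in acl:                   # 2. named user: entry AND mask
        return want <= acl[("user", user)] & mask
    matches = [acl[("group", "")]] if owning_group in groups else []
    matches += [acl[("group", g)] for g in groups if ("group", g) in acl]
    if matches:                                 # 3. group class: one entry must suffice
        return any(want <= p & mask for p in matches)
    return want <= acl[("other", "")]           # 4. everyone else

if __name__ == "__main__":
    # User names and group lists below are constructed sample inputs.
    for who, grps in [("douglas-ti", ["douglas-ti"]), ("someone-else", ["users"])]:
        print(who, {p: allowed(GETFACL_OUTPUT, who, grps, p) for p in "rwx"})
```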