Okay, all i want is it does not work, or it does work and you are doing something wrong. I have my samba server setup and running 2.2.2 with linux-2.2.5_SGI_XFS_1.0.1. I am also using winbind, and it is great. If I can get this last bit to work I will upgrade allot of my servers. 1. I create a folder on the samba server and make the Domain Administrator owner and Domain Admins the group. Both groups have full control over this directory. 3776 is what the directory is set to. 2. Log into NT machine as Administrator and check the ACL's one the file. Just the basic ones. So I go and add some groups and users to the file. All works well. Cool! ( I really do like this). 3. Log out of NT machine and back in as user Ed. Now Ed is in Domain Admins group and should be able to change rights on the folder. So I go look at the ACL's for the folder and I can see the changes that I made as Administrator. So I click on remove to get a few users out and click ok, but an error will return telling me Access Denied! Do you wish to continue? So my question is what am I doing wrong here? I have attached my smb.conf file for you viewing pleasure. [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = CDC nt acl support = yes netbios name = storm server string = Samba Server security = DOMAIN encrypt passwords = TRUE update encrypted = TRUE password server = CDC-NT inherit permissions = Yes domain admin group = @CDC+Domain\ Admins preferred master = no local master = no log file = /var/log/samba/log.%m max log size = 50 announce version = 7.0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No bind interfaces only = yes interfaces = 192.168.1.1/255.255.255.0 create mode = yes winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + #============================ Share Definitions =============================[homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes # access to the directory. [Software] comment = Software Service path = /data/ public = yes writable = yes printable = no inherit permissions = Yes Just someone talk to me!
I think Samba will only let you change the access rights on a file if you either own it, or are the root user. Just having 'full control' rights to the file is not enough. -----Original Message----- From: Ed Mann [mailto:ed.mann@cp-direct.com] Sent: Friday, November 02, 2001 4:05 PM To: samba@lists.samba.org Subject: One more Time. Okay, all i want is it does not work, or it does work and you are doing something wrong. I have my samba server setup and running 2.2.2 with linux-2.2.5_SGI_XFS_1.0.1. I am also using winbind, and it is great. If I can get this last bit to work I will upgrade allot of my servers. 1. I create a folder on the samba server and make the Domain Administrator owner and Domain Admins the group. Both groups have full control over this directory. 3776 is what the directory is set to. 2. Log into NT machine as Administrator and check the ACL's one the file. Just the basic ones. So I go and add some groups and users to the file. All works well. Cool! ( I really do like this). 3. Log out of NT machine and back in as user Ed. Now Ed is in Domain Admins group and should be able to change rights on the folder. So I go look at the ACL's for the folder and I can see the changes that I made as Administrator. So I click on remove to get a few users out and click ok, but an error will return telling me Access Denied! Do you wish to continue? So my question is what am I doing wrong here? I have attached my smb.conf file for you viewing pleasure. [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = CDC nt acl support = yes netbios name = storm server string = Samba Server security = DOMAIN encrypt passwords = TRUE update encrypted = TRUE password server = CDC-NT inherit permissions = Yes domain admin group = @CDC+Domain\ Admins preferred master = no local master = no log file = /var/log/samba/log.%m max log size = 50 announce version = 7.0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No bind interfaces only = yes interfaces = 192.168.1.1/255.255.255.0 create mode = yes winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + #============================ Share Definitions =============================[homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes # access to the directory. [Software] comment = Software Service path = /data/ public = yes writable = yes printable = no inherit permissions = Yes Just someone talk to me! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
On 2 Nov 2001, Ed Mann wrote:> Okay, all i want is it does not work, or it does work and you are doing > something wrong. > > I have my samba server setup and running 2.2.2 with > linux-2.2.5_SGI_XFS_1.0.1. I am also using winbind, and it is great. If > I can get this last bit to work I will upgrade allot of my servers. > > 1. I create a folder on the samba server and make the Domain > Administrator owner and Domain Admins the group. Both groups have full > control over this directory. 3776 is what the directory is set to. > 2. Log into NT machine as Administrator and check the ACL's one the > file. Just the basic ones. So I go and add some groups and users to the > file. All works well. Cool! ( I really do like this). > 3. Log out of NT machine and back in as user Ed. Now Ed is in Domain > Admins group and should be able to change rights on the folder. So I go > look at the ACL's for the folder and I can see the changes that I made > as Administrator. So I click on remove to get a few users out and click > ok, but an error will return telling me Access Denied! Do you wish to > continue? > > So my question is what am I doing wrong here?Only the owner of a file (or root) can change the ACLs/permissions on a file. Yours Tony. /* * "The significant problems we face cannot be solved at the * same level of thinking we were at when we created them." * --Albert Einstein */