Hi All,
I've got Samba 2.2.2 and a 2.4.14 kernel with XFS and
tools (acl-1.1.3, attr-1.1.3, xfsprogs-1.3.13).
I'm also using winbind to authenticate against a W2K DC.
ACLs seem to work, but attributes (like modify privilege without delete
privilege)
seem not to. If I create a directory on a samba share via W2K
as the domain administrator, I can grant "Full Control" to another
user (say, for example, Guest). The user Guest effectively gets rwx.
However,
for example, if Guest attempts to
take ownership of the directory, it fails with an "access denied"
error
message.
The smbd log file reports a chown error message.
None of the other standard W2K/NT attributes work properly. They always
result in a linux rwx-style permission set and attr -l reports nothing
(it
appears that there are no extended attributes).
I've attached my test smb.conf below.
Any help would be greatly appreciated!
Rgds,
Scott
[global]
netbios name = ntauth-53
workgroup = devtest
server string = Resource Server
security = domain
password server = s-devdc
load printers = no
encrypt passwords = yes
username map = /etc/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
winbind separator = +
winbind uid = 10000-59999
winbind gid = 10000-59999
winbind enum users = yes
winbind enum groups = yes
[test]
path = /storage/test
comment = test
writable = yes
security mask = 0777
directory security mask = 0777
nt acl support = yes
On Mon, 7 Jan 2002, Scott Mann wrote:> Hi All, > > I've got Samba 2.2.2 and a 2.4.14 kernel with XFS and tools > (acl-1.1.3, attr-1.1.3, xfsprogs-1.3.13). I'm also using winbind to > authenticate against a W2K DC. > > ACLs seem to work, but attributes (like modify privilege without > delete privilege) seem not to. If I create a directory on a samba > share via W2K as the domain administrator, I can grant "Full Control" > to another user (say, for example, Guest). The user Guest effectively > gets rwx. However, for example, if Guest attempts to take ownership of > the directory, it fails with an "access denied" error message. The > smbd log file reports a chown error message. > > None of the other standard W2K/NT attributes work properly. They > always result in a linux rwx-style permission set and attr -l reports > nothing (it appears that there are no extended attributes).You are seeing expected behavior. See ftp://ftp.samba.org/pub/samba/slides/samba-acls.ag.ps.gz For a tutorial on POSIX ACLs. chau, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--