After looking at my own post, I see I need to tweak my questions.
I have the Win2000 client(s) in a Samba domain. Domain authentication
works fine, my "homes" share works fine, remote profiles work fine.
Using 3.0.1Pre1 I would like to add people to "someshare" through the
Security tab, and control their access through windows ACL's.
How should I setup a share as a basis for doing this?
The share below (someshare) in this email doesn't work. Although I get
no error when adding another user to the share through the security tab
in windows, and the ACL's on the Linux side get added. The newly added
user does not have permission to write to the share.
Does the "read list", "write list" and other similar
parameters take
precedence over an ACL set through windows?
If the share definition overrides all the ACL's, what good are ACL's? Am
I not using them properly?
How should I setup a share with minimal rights so an administrator can
grant users access to the share, through Windows ACL's?
Does winbind offer any advantages to me if no other DC's are involved. I
have one samba 3.0.1 DC with several win2000 PC's as a testbed. I'm
trying to really scope out what ACL's do for me. I've read the section
on Winbind according to the "Target Uses" section winbind would be
good
for adding Linux machines to an existing NT network. I will have no
existing NT machines or Domains so what does winbind offer me and do I
need to run it anyway?
On my NT4 box we grant access to printers through the Security tab on
the printer, adding the user to the printer. Is this possible with
ACL's as they exist now with Samba and the ACL patch?
If so, how would you add a printer as a domain resource to do this,
again through windows? Or does it have to be added (if it can be added)
on the Linux side? If on linux side, how do you add/create a domain
printer. Is the printer in the domain simply by being in the smb.conf
file? I don't see my printer as a resource, domain or other,to choose
from in the security tab from within windows.
I did read the April 21 2003 version of the howto and these things were
not clear to me. After I figure them out I would be happy to give you
some verbage if you would care to have it.
Thanks again Samba folks
Doug P
Douglas Phillipson wrote:> I'm really struggling with ACL's and permissions. I have a share
owned
> by a user (douglas). Douglas can read, write and create to the share:
>
> [someshare]
> comment = Public Stuff
> path = /home/samba/pub
> nt acl support = yes
> public = yes
> admin users = douglas
> write list = douglas
>
> I'm logged in to Win2000 as douglas. Through the security tab on
> Win2000 I add read and write permission to the top level share called
> public (but it's not really public) for "terry". I see terry
in the
> list and everything seems to go OK in setting it. Then I log off and
> login as terry. Terry has no write access to the share. What takes
> precedence? The share definition in smb.conf or settings through the
> security tab in windows, which should be the ACL's. Does adding a
user
> through the security tab effectively add another user to the "write
> list". If so, it isn't. What am I doing wrong?
>
> Here are the linux permissions:
>
> ls -ld /home/samba/pub
> drwxrwxrwt 3 douglas douglas 4096 2003-10-20 22:18
> /home/samba/pub
>
> Here are the ACL's from linux
> getfacl -R --skip-base /home/samba/pub
>
> getfacl: Removing leading '/' from absolute path names
> # file: home/samba/pub
> # owner: douglas
> # group: douglas
> user::rwx
> user:terry:rwx
> group::r-x
> mask::rwx
> other::rwx
> default:user::rwx
> default:user:terry:rwx <<<<< Shouldn't terry have rwx
access
> according to this?
> default:group::---
> default:mask::rwx
> default:other::---
>
>
>
>