OK so I've got samba-3.0.11 compiled with ACL support. I've running 2.4.25 with the ACL/ATTR patch applied. I can read and set ACLS's using the getfacl/setfacl programs. ldd /usr/sbin/smbd shows it's linked to libattr.so.1 and libacl.so.1. I can read ACL with the smbcacls program, but when I try to set them I get: ERROR: Unable to open credentials file! Also from the windows side, in the properties of a file in it show the users and groups for that file but it lists the perms is all blank, and when I try to change the perms I get a window labeled 'Security' with the message: Unable to save premission changes on xxxxxxxxxxxx. Access is denied. -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient.
Are you used a root or user with administrator right ? David Sonenberg a ?crit :> OK so I've got samba-3.0.11 compiled with ACL support. I've running > 2.4.25 with the ACL/ATTR patch applied. I can read and set ACLS's > using the getfacl/setfacl programs. ldd /usr/sbin/smbd shows it's > linked to libattr.so.1 and libacl.so.1. I can read ACL with the > smbcacls program, but when I try to set them I get: > ERROR: Unable to open credentials file! > > Also from the windows side, in the properties of a file in it show the > users and groups for that file but it lists the perms is all blank, > and when I try to change the perms I get a window labeled 'Security' > with the message: > Unable to save premission changes on xxxxxxxxxxxx. > Access is denied.-- St?phane Purnelle <stephane.purnelle@tiscali.be> Site Web : http://www.linuxplusvalue.be
I experience similar symptoms with both 3.0.10-as-found-in-fedora-core-3 and samba-3.0.11. One difference is that I haven't been able to make smbcacls get as far as denying permission. Shouldn't this command work? smbcacls //localhost/research research1.txt -a ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator Password: Failed to parse ACL ACL:AD\MarketingGroup Note that when I remove the -a to just list ACLs, it works fine, so a parsing error doesn't make much sense here: [root@ADSambaFP1 ~]# smbcacls //localhost/research research1.txt ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator Password: REVISION:1 OWNER:AD\salesperson1 GROUP:S-1-5-21-875667829-2241442456-3328505926-1130 ACL:AD\salesperson1:ALLOWED/0/RW ACL:S-1-5-21-875667829-2241442456-3328505926-1130:ALLOWED/0/R ACL:\Everyone:ALLOWED/0/R Yes, I can use getfacl and setfacl successfully and yes, ACLs are enabled in Samba and on the ext3 file system in question (POSIX ACLs). Thanks for any information. On Mon, 28 Feb 2005, David Sonenberg wrote:> OK so I've got samba-3.0.11 compiled with ACL support. I've running 2.4.25 > with the ACL/ATTR patch applied. I can read and set ACLS's using the > getfacl/setfacl programs. ldd /usr/sbin/smbd shows it's linked to > libattr.so.1 and libacl.so.1. I can read ACL with the smbcacls program, but > when I try to set them I get: > ERROR: Unable to open credentials file! > > Also from the windows side, in the properties of a file in it show the users > and groups for that file but it lists the perms is all blank, and when I try > to change the perms I get a window labeled 'Security' with the message: > Unable to save premission changes on xxxxxxxxxxxx. > Access is denied. > -- > David Sonenberg > Systems / Network Administrator > Stroz Friedberg, LLC > 15 Maiden Lane > 15th Floor > New York, NY 10038 > Tel 212.981.6527 > Fax 917.495.4918 > > This message is for the named person's use only. It may contain > confidential, proprietary or legally privileged information. No right to > confidential or privileged treatment of this message is waived or lost by any > error in transmission. If you have received this message in error, please > immediately notify the sender by e-mail or by telephone at 212.981.6540, > delete the message and all copies from your system and destroy any hard > copies. You must not, directly or indirectly, use, disclose, distribute, > print or copy any part of this message if you are not the intended recipient. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >-- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/
> -----Original Message----- > From: David Sonenberg [mailto:dsonenberg@strozllc.com]> Shouldn't regular users be able to modify ACL's for files they have > write access to? I get the same error when I try to run the smcacl > program with Domain Admin priveleges.I think you have to be either root or the file's owner to change permissions. It's a UNIX thing.
> On Thu, 3 Mar 2005, David Sonenberg wrote: > > > First off I'm talking about through the windows interface, > or using smbcacl. > > Second let me rephrase my question. Shouldn't > non-privileged users be able > > to modify ACL's for files that they own?Yes, I think so. You said "for files that they have write privilages to," earlier, which is not the same thing.