brennion@buerstner.com
2005-Mar-02 08:01 UTC
AW: [Samba] Samba - NT ACL implemented by Unix Posix ACL via Samb a
I'm not an expert on that, but did you tried the following settings on smb.conf for your share : admin users = NTDOMAIN+Administrator valid users = ..... I think this is necessary to use ACL with samba and ntdomain... -----Urspr?ngliche Nachricht----- Von: Gerald (Jerry) Carter [mailto:jerry@samba.org] Gesendet: Montag, 28. Februar 2005 16:43 An: Juer Lee Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Juer Lee wrote: | 1. Why Samba always think the owner always | has 'READ' access right on a file, 'READ and WRITE' access | rights on a directory? I checked the code of | posix_acls.c, those bits are OR-ed by default It was a workaround for some empty nttrans_set_security_descriptor() requests IIRC. Mostly had problems with profiles becoming unusable. | 2. Try to create a folder via the Samba | Win2k client(make sure there are only base permissions | on it - no any ACLs), right click on the folder and go | to 'Security' tab, choose the owner in the name table, | tick some check-boxes in column 'Allow' and | click 'Apply', you will see two more entries 'CREATOR OWNER' | and 'CREATOR GROUP' are displayed - I understand this | is caused by that the default ACLs are created. | ut why the default ACLs for the owner is NOT created?? | The default ACLs can only be created when the | former steps are repeated. If I understand your question correctly, it is because Samba only translates the acls as they exist on disk. You can setup the default acls from a shell prompt if you like. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCIzwHIR7qMdg1EfYRAv+BAJ4hWjAvMlVGM8Vp89l3FIQLFBd8ywCfdCE8 qYbhIRHEYjY1oUWVI1Ifaas=5jPt -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Juer Lee
2005-Mar-02 08:53 UTC
[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba
This issue is not caused by that the client user doesn't have privilege to set ACLs. 'admin users' won't help -----Original Message----- From: brennion@buerstner.com [mailto:brennion@buerstner.com] Sent: Wednesday, March 02, 2005 16:00 To: jerry@samba.org; juer.lee@plasmon.ie Cc: samba@lists.samba.org Subject: AW: [Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba I'm not an expert on that, but did you tried the following settings on smb.conf for your share : admin users = NTDOMAIN+Administrator valid users = ..... I think this is necessary to use ACL with samba and ntdomain... -----Urspr?ngliche Nachricht----- Von: Gerald (Jerry) Carter [mailto:jerry@samba.org] Gesendet: Montag, 28. Februar 2005 16:43 An: Juer Lee Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Juer Lee wrote: | 1. Why Samba always think the owner always | has 'READ' access right on a file, 'READ and WRITE' access | rights on a directory? I checked the code of | posix_acls.c, those bits are OR-ed by default It was a workaround for some empty nttrans_set_security_descriptor() requests IIRC. Mostly had problems with profiles becoming unusable. | 2. Try to create a folder via the Samba | Win2k client(make sure there are only base permissions | on it - no any ACLs), right click on the folder and go | to 'Security' tab, choose the owner in the name table, | tick some check-boxes in column 'Allow' and | click 'Apply', you will see two more entries 'CREATOR OWNER' | and 'CREATOR GROUP' are displayed - I understand this | is caused by that the default ACLs are created. | ut why the default ACLs for the owner is NOT created?? | The default ACLs can only be created when the | former steps are repeated. If I understand your question correctly, it is because Samba only translates the acls as they exist on disk. You can setup the default acls from a shell prompt if you like. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCIzwHIR7qMdg1EfYRAv+BAJ4hWjAvMlVGM8Vp89l3FIQLFBd8ywCfdCE8 qYbhIRHEYjY1oUWVI1Ifaas=5jPt -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba