S. J. van Harmelen
2006-Jun-08 08:17 UTC
[Samba] Error changing ACL when not the owner of the file...
Hi there folks,

I hope someone will take a minute to help me out...

We successfully joined Samba 3.0.22 (on Debian using the .deb's from samba.org) to our W2K3 ADS domain. We did all the steps needed to get ACLs to work (compiled the kernel and mounted with ACL support) and all seems to be working great.

What goes wrong is that when a user creates a file, the Admin can't change the ACL but gets an access denied error.

After searching and reading a lot we found that we might need to give the Admin the SeDiskOperatorPrivilege. So we set 'enable privileges = yes' in the smb.conf and assigned the privilege. When checking (net rpc rights list accounts -U Administrator) the privilege seems to be assigned, but we still keep getting the access denied...

Does anyone have a pointer or a tip we can work with? Thanks in advance...

=====================================================================
[global]
security = ads
password server = srv-solcon-01
encrypt passwords = true
workgroup = solcon
realm = SOLCON.LOCAL
netbios name = testbak
log file = /var/log/samba/samba.log
log level = 2
syslog = 0
enable privileges = yes
dos filemode = yes
nt acl support = yes
map acl inherit = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes

[testdir]
comment = testdir
path = /usr/home/testdir
read only = no
browsable = yes
writable = yes
dos filemode = yes
map archive = yes
map hidden = yes
map system = yes
inherit permissions = yes
veto oplock files = /*.mdb/*.MDB/
create mask = 0770
force create mode = 0440
directory mask = 0771
force directory mode = 0771
security mask = 0777
force security mode = 0440
directory security mask = 0777
force directory security mode = 0771
=====================================================================

Kind regards,
Sander
Gerald (Jerry) Carter
2006-Jun-09 12:13 UTC
[Samba] Error changing ACL when not the owner of the file...
S. J. van Harmelen wrote:
> What goes wrong is that when a user creates a file,
> the Admin can't change the ACL but gets an access
> denied error.

Set these in the shares:

dos filemode = yes
acl group control = yes

cheers, jerry

====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
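The check below is an added example, not part of the original thread or of Samba: it reads an smb.conf, applies [global] values as share defaults, and lists shares where `dos filemode` or `acl group control` is not effectively enabled. The function names and the trimmed sample config are constructed for illustration; `include`, `copy =` and `%` macros are not handled.

```python
import configparser

# Constructed sample: the poster's share, trimmed, before the suggested change.
SAMPLE = """\
[global]
security = ads
dos filemode = yes
nt acl support = yes

[testdir]
path = /usr/home/testdir
read only = no
dos filemode = yes
inherit permissions = yes
"""

WANTED = ("dos filemode", "acl group control")  # both default to "no"; both let non-owners change permissions
TRUE = {"yes", "true", "1"}

def norm(name):
    # smb.conf ignores case and whitespace in parameter names
    return "".join(name.split()).lower()

def effective(conf_text):
    """Return {share: {param: bool}} with [global] values as share defaults."""
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                      comment_prefixes=("#", ";"))
    cp.optionxform = norm
    cp.read_string(text)
    sections = {s.strip().lower(): s for s in cp.sections()}
    glob = dict(cp[sections["global"]]) if "global" in sections else {}
    result = {}
    for low, name in sections.items():
        if low == "global":
            continue
        merged = {**glob, **dict(cp[name])}
        result[name] = {p: merged.get(norm(p), "no").strip().lower() in TRUE
                        for p in WANTED}
    return result

def missing(conf_text):
    """Shares where a suggested setting is not effectively enabled."""
    return {s: [p for p, on in v.items() if not on]
            for s, v in effective(conf_text).items() if not all(v.values())}

if __name__ == "__main__":
    print(missing(SAMPLE))
    print(missing(SAMPLE + "acl group control = yes\n"))
```

`testparm -s` remains the authoritative view of what Samba itself parses; this script only gives a quick per-share summary of the two settings.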