Hello!
A good day to you all. i seem to be experiencing a
quirk with my test setup, as i am unable to delete
files/folders even with the proper ACL entries.
i am using the stock samba 3 package on
FC4(samba-3.0.14a-2), and have set up winbind
authentication against a Windows NT 4 PDC. i've
created two users, user1 and user2, which have their
primary group set to group1(gid=16777221) as shown:
[root@localhost]# id user1
uid=16777450(user1) gid=16777221 groups=16777221
[root@localhost]# id user2
uid=16777451(user2) gid=16777221 groups=16777221
i've created the "data" share, made the "admin_stuff"
directory and have set the access/default ACLS as
follows:
[root@localhost]# getfacl /data/admin_stuff
getfacl: Removing leading '/' from absolute path names
# file: /data/admin_stuff
# owner: root
# group: root
user::rwx
group::rwx
group:16777221:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:16777221:rwx
default:mask::rwx
default:other::---
i then logged on as user1 using a windows 2000 pc, and
logged on as user2 on a windows xp pc.
i used the user1 account to create the file user1.txt
, and used user2.txt to create user2.txt on the said
directory. the getfacl entries are as follows:
[root@localhost ADMIN]# getfacl user1.txt
# file: user1.txt
# owner: new
# group: 16777221
user::rwx
group::---
group:16777221:rwx
mask::rwx
other::---
[root@localhost ADMIN]# getfacl user2.txt
# file: user2.txt
# owner: new2
# group: 16777221
user::rwx
group::---
group:16777221:rwx
mask::rwx
other::---
i have no problems editing either files using
either accounts. But i can't seem to delete user1.txt
when logged on as user2 on the WinXP machine. i got
this error:
"Cannot delete user1.txt: Access is denied. Make sure
the disk is not full or write-protected and that the
file is not currently in use."
However, i have no problems deleting user2.txt
when logged on as user1 on the Windows 2000 machine.
My smb.conf is as follows:
######################################################
#======================= Global Settings
====================================[global]
workgroup = TESTDOMAIN
netbios name = ENTERPRISE
server string = Test Server
hosts allow = 192.168.0. 192.168.1.
; load printers = yes
; printing = cups
; cups options = raw
log file = /var/log/samba/%m.log
max log size = 1048576
security = server
password server = *
password level = 30
username level = 30
smb passwd file = /etc/samba/smbpasswd
# The following are needed to allow password changing
from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb
passwd file' above.
# NOTE2: You do NOT need these to allow workstations
to change only
# the encrypted SMB passwords. They allow the
Unix password
# to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
remote announce = 192.168.0.255 192.168.1.255
local master = no
os level = 33
name resolve order = wins lmhosts bcast
wins server = 192.168.0.44
preserve case = yes
case sensitive = no
#============================ Share Definitions
============================= idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind separator = +
winbind uid = 16777216-33554431
winbind gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
nt acl support = yes
inherit acls = no
ea support = yes
# auth methods = winbind
follow symlinks = yes
wide links = yes
log level = 20
[data]
create mask = 0700
#force create mode = 0777
path = /data
browsable = yes
writable = yes
######################################################
Any ideas? Thanks
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com