[This email is either empty or too large to be displayed at this time]
Hello! I have the following problem: I have an linux file server (member server ADS), with authenticating against ADS. It works fine. All user data / memberships are correct. ACLs works successfully for reading and so on. But I'll can? change ACLs, if i'm the owner of this file/folder. If I'm member of an ownerproup or I have full access via ACLs (as user or as a member of a group) I always get an error message: setfacl: test_unixgrpvoll: Operation not permitted Any Ideas? Thanks!!
Sven Geggus schrieb:> Bjoern_80@gmx.de wrote: > > > > But I'll can? change ACLs, if i'm the owner of this file/folder. If > > I'm member of an ownerproup or I have full access via ACLs (as user or > > as a member of a group) I always get an error message: > > setfacl: test_unixgrpvoll: Operation not permitted > > RTFL hels in this case! > > from smb.conf(5) > > --cut-- > dos filemode (S) > > The default behavior in Samba is to provide UNIX-like behavior where > only the owner of a file/directory is able to change the permissions > on? it.? However,? this? behavior? is often confusing to DOS/Windows > users. Enabling this parameter allows a user who has write access > to the? file? (by? whatever means) to modify the permissions > (including ACL) on it. Note that a user belonging to the group owning > the file will? not? be? allowed? to? change? permissions if the > group > is only granted read access. Ownership of the file/directory may also > be changed. > > Default: dos filemode = no > --cut-- > > from setfacl(1) > > --cut-- > PERMISSIONS > > The? file? owner? and? processes? capable of CAP_FOWNER are granted > the > right to modify ACLs of a file. This is analogous? to? the permissions > required? for? accessing the file mode. (On current Linux systems, root > is the only user with the CAP_FOWNER capability.) > --cut-- > > Regards > > Sven? > > >Hello! Dos filemode works for the main unixgroup, but not for ACL-Users/Groups (with full access). Is there an opportunity also for ACL-Users/Groups Regards... Bj?rn
Gerald (Jerry) Carter
2007-Jun-01 12:11 UTC
[Samba] Re: changing ACLs only as owner possible
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bjoern_80@gmx.de wrote:> Dos filemode works for the main unixgroup, but not for ACL-Users/Groups > (with full access). > Is there an opportunity also for ACL-Users/GroupsIt does apply to acls in current releases. Easlier release use the "acl group control" (cannot remember the exact name off the top of my head) option. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGYAzIIR7qMdg1EfYRAp9eAKDwa85AuQKCqpJhCuDQ9/JrV2+vfwCeLIWo It8X3mrV64NGSldlT0Evths=RUYn -----END PGP SIGNATURE-----
Possibly Parallel Threads
- CAP_FOWNER=ep for asterisk
- [PATCH] Btrfs: allow subvol deletion by unprivileged user with -o user_subvol_rm_allowed
- Samba 3.0 issues with mapped drives properties
- [PATCH v2] kinit: Add drop_capabilities support.
- [PATCH v1 0/2] Support dropping of capabilities from early userspace.