samba - Oct 2007 - How to make "Add permission" for folder in system withntacl support?

Hi!

Let's go back to this topic please! I have to replace the Windows NT 4.0 
server with Samba but I still don't know how to do this. I need to allow to 
someone (some user group) the right to add files into the folder. They use 
this "feature" on current NT server ver often and to this in the
following
ways:

1. Rightclick on file you want to add, Copy, then go to server, for exaple 
(\\main\), locate the desired share name, rightclick on it and Paste.
2. Just drag the files you want to add to desired sharename.

But when you will try to go in the same share, you will receive the 
"permission denied" message and will  not be able to read the files or
just
list them.


Is there a way to make it with Samba or not?
> setfacl -m g:"ntadmins":rwx -R /home/ntadmins
>
> Now, the second type of permissions apply to any file (or directory) that 
> is created in /home/ntadmins:
>
> setfacl -m d:g:"ntusers":--- -R /home/ntadmins
> The effect of the second setfacl command says that the group ntusers will 
> be explicitly given no access to any file or directory created in 
> /home/ntadmins.
I tried to do this way but it create a subfile or subfolder readoble and 
writeable at lease by creator. In case with NT user who has a right only for 
adding files can not go into the folder and see and read the content there 
even if he just added this content into this folder or share.

Please point me to the right way, thanks.

G.

On 10/31/07, Georgy Goshin <gosha@inbox.ee> wrote:
> Hi!
>
> Let's go back to this topic please! I have to replace the Windows NT
4.0
> server with Samba but I still don't know how to do this. I need to
allow to
> someone (some user group) the right to add files into the folder. They use
> this "feature" on current NT server ver often and to this in the
following
> ways:
>
> 1. Rightclick on file you want to add, Copy, then go to server, for exaple
> (\\main\), locate the desired share name, rightclick on it and Paste.
> 2. Just drag the files you want to add to desired sharename.
>
> But when you will try to go in the same share, you will receive the
> "permission denied" message and will  not be able to read the
files or just
> list them.
>
>
> Is there a way to make it with Samba or not?
>
Unless you are doing something weird this should be easy. The first
thing is to fix the unix filesystem permissions so that the users in
question have the correct acl and permissions (probably you need to
chmod 2775) so that if they were logged into the unix server they can
add files and folders to the same location that you are sharing out
via samba.
> > setfacl -m g:"ntadmins":rwx -R /home/ntadmins
> >
> > Now, the second type of permissions apply to any file (or directory)
that
> > is created in /home/ntadmins:
> >
> > setfacl -m d:g:"ntusers":--- -R /home/ntadmins
>
> > The effect of the second setfacl command says that the group ntusers
will
> > be explicitly given no access to any file or directory created in
> > /home/ntadmins.
>
> I tried to do this way but it create a subfile or subfolder readoble and
> writeable at lease by creator. In case with NT user who has a right only
for
> adding files can not go into the folder and see and read the content there
> even if he just added this content into this folder or share.
>
> Please point me to the right way, thanks.
>
You need to post the details of your setup including of the
permissions on the unix side.

John

> Definitely possible in Samba.  Start with the correct POSIX permissions on 
> the directories, then follow the references below.
>
> This chapter, in general
>
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html
>
> and this section, in particular
>
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id374339
>
> with or without POSIX acl's should explain how to do what you want.
Please please please. I've tried already combinations this weekend, spen two
days and lost any understanding of logic of file permissions and gived up! 
Please make someone for me small sample please!


Thanks in advance,
Georgy

Ive been suffering from a problem that comes into the
default samba provided by debian etch 4.0 stable.

When there are file/dir modifications on shared
folders, the results do not appear on the windows
client inmediately.

My configuration is the most basic possible, straight
out of this howto

http://www.howtoforge.com/debian_etch_samba_standalone_server_with_tdbsam_backend

a small chat on irc reveals some details, I am irule
in there, and according to epsilon, I am not alone.

any thoughts, please help, thanks

<epsilon> I have samba 3.0.24 (debian stable) running,
but changes n filesystem (new dir or new filename) get
displayed in Explorer after I refresh, and not
immediatly
<epsilon> what can be the reason? I already tried
'refresh = 1' in smb.conf and restarted, but no change
<||cw> epsilon: default is 60 seconds i think
<epsilon> ||cw: I have the almost same config (except
path and username) on another box, it's running fine
and changes get displayed immediatly...
<epsilon> can't locate why this one box is behaving
different with same binary...
<||cw> check logs?  maybe a lib is missing?

irule> I have the same problem as epsilon, windows
clients can not get the forlders upgraded on the fly
when a file or directory is uploaded, deleted or
anything else, I can only press [F5] key on clients to
refresh folder view and my configuration is exactly
this one
http://www.howtoforge.com/debian_etch_samba_standalone_server_with_tdbsam_backend

<epsilon> irule: have you been able to fix this issue?
<irule> epsilon nope, and I have 50+ users braking my
back for it lol

<epsilon> irule: strange is, I have as basic conf as
yours on one box which has no problem with refresh...

<epsilon> everything same (OS, conf) expect
username/path
<irule> epsilon I know, Im asking the mailing list
tho, this samba copy is being installed on too many
servers to just ignore the issue
<epsilon> yea, I found few posts in mailinglists with
same issue, but none had any reply...




--- Georgy Goshin <gosha@inbox.ee> wrote:
> Hi!
> 
> Let's go back to this topic please! I have to
> replace the Windows NT 4.0 
> server with Samba but I still don't know how to do
> this. I need to allow to 
> someone (some user group) the right to add files
> into the folder. They use 
> this "feature" on current NT server ver often and to
> this in the following 
> ways:
> 
> 1. Rightclick on file you want to add, Copy, then go
> to server, for exaple 
> (\\main\), locate the desired share name, rightclick
> on it and Paste.
> 2. Just drag the files you want to add to desired
> sharename.
> 
> But when you will try to go in the same share, you
> will receive the 
> "permission denied" message and will  not be able to
> read the files or just 
> list them.
> 
> 
> Is there a way to make it with Samba or not?
> 
> > setfacl -m g:"ntadmins":rwx -R /home/ntadmins
> >
> > Now, the second type of permissions apply to any
> file (or directory) that 
> > is created in /home/ntadmins:
> >
> > setfacl -m d:g:"ntusers":--- -R /home/ntadmins
> 
> > The effect of the second setfacl command says that
> the group ntusers will 
> > be explicitly given no access to any file or
> directory created in 
> > /home/ntadmins.
> 
> I tried to do this way but it create a subfile or
> subfolder readoble and 
> writeable at lease by creator. In case with NT user
> who has a right only for 
> adding files can not go into the folder and see and
> read the content there 
> even if he just added this content into this folder
> or share.
> 
> Please point me to the right way, thanks.
> 
> G. 
> 
> -- 
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com