Hi Rowland, my users are known to the OS, they also have the correct permissions to alter the settings. Doing so on the CLI does work when logged in via SSH. When opening the Security Tab the users and groups are displayed, only on directories there are no checkmarks under Read, Write etc. I also cannot set any checkmarks for Read, Write etc. When viewing the Security Tab of a file everything works and I can see and set the checkmarks. Do you know what could be wrong? Greetings, Felix -----Ursprüngliche Nachricht----- Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny Gesendet: Dienstag, 4. August 2015 12:55 An: samba at lists.samba.org Betreff: Re: [Samba] Cannot change directory permissions On 04/08/15 11:46, Felix Matouschek wrote:> Hi Rowland, > > when saying 'I' I theoretically meant any user that has write access to the share. > > It should be possible to right click the directory in windows, the go to security tab and remove the write permissions on the directory. > > This behaviour already works with files, I'm trying to figure out how to make it also work for directories. > > Greetings, > Felix > > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > Rowland Penny > Gesendet: Dienstag, 4. August 2015 11:57 > An: samba at lists.samba.org > Betreff: Re: [Samba] Cannot change directory permissions > > On 04/08/15 10:07, Felix Matouschek wrote: >> Hello, >> >> I occasionally need to remove the write permissions from directories inside a share to prevent users from accidentally deleting files inside that directory. >> >> My problem is that I neither can view nor can change the permissions of directories on my shares. >> Curiously enough viewing and changing permissions of files in the same shares works without a problem. >> >> Is there anything I misconfigured? >> >> My smb.conf looks like this: >> >> [global] >> ### Network ### >> netbios name = Fileserver >> server string = Fileserver (%h V:%v) >> >> ### ad member ### >> workgroup = INTRANET >> realm = INTRANET.MYCOMPANY.DE >> security = ADS >> kerberos method = secrets and keytab >> >> ### WINS ### >> wins server = 192.168.0.197 >> name resolve order = wins host bcast >> >> ### logins without prepending INTRANET\ ### >> map untrusted to domain = yes >> >> ### other settings ### >> unix extensions = no >> invalid users = root >> >> ### make exe files executable on windows without x bit ### >> acl allow execute always = yes >> >> ### performance ### >> deadtime = 10 >> use sendfile = yes >> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE >> >> ### prevent unwanted files ### >> veto files = /$RECYCLE.BIN/desktop.ini/Thumbs.db/.DS_Store/._.DS_Store/.apdisk/._.apdisk/.TemporaryItems/._.TemporaryItems/.Trashes/._.Trashes >> delete veto files = yes >> >> ### SHARES ### >> >> [Exchange] >> path = /home/nobackup/exchange >> guest ok = yes >> read only = no >> create mask = 660 >> directory mask = 770 >> force group = exchange-users >> >> Greetings, >> Felix > Hi, when you say ' I occasionally need to remove the write permissions', whom is the 'I', is this the Administrator ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >I am fairly sure your problem is a misconfiguration of smb.conf, for a start have a look here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server To change directory settings, your users and groups need to be known to the underlying Unix OS and have the required permissions to alter the settings. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 04/08/15 14:11, Felix Matouschek wrote:> Hi Rowland, > > my users are known to the OSThe smb.conf you posted earlier would seem to suggest that they aren't, what does 'getent passwd <username>' produce ? Rowland> , they also have the correct permissions to alter the settings. > Doing so on the CLI does work when logged in via SSH. > > When opening the Security Tab the users and groups are displayed, only on directories there are no checkmarks under Read, Write etc. > I also cannot set any checkmarks for Read, Write etc. > > When viewing the Security Tab of a file everything works and I can see and set the checkmarks. > > Do you know what could be wrong? > > Greetings, > Felix > > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny > Gesendet: Dienstag, 4. August 2015 12:55 > An: samba at lists.samba.org > Betreff: Re: [Samba] Cannot change directory permissions > > On 04/08/15 11:46, Felix Matouschek wrote: >> Hi Rowland, >> >> when saying 'I' I theoretically meant any user that has write access to the share. >> >> It should be possible to right click the directory in windows, the go to security tab and remove the write permissions on the directory. >> >> This behaviour already works with files, I'm trying to figure out how to make it also work for directories. >> >> Greetings, >> Felix >> >> -----Ursprüngliche Nachricht----- >> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von >> Rowland Penny >> Gesendet: Dienstag, 4. August 2015 11:57 >> An: samba at lists.samba.org >> Betreff: Re: [Samba] Cannot change directory permissions >> >> On 04/08/15 10:07, Felix Matouschek wrote: >>> Hello, >>> >>> I occasionally need to remove the write permissions from directories inside a share to prevent users from accidentally deleting files inside that directory. >>> >>> My problem is that I neither can view nor can change the permissions of directories on my shares. >>> Curiously enough viewing and changing permissions of files in the same shares works without a problem. >>> >>> Is there anything I misconfigured? >>> >>> My smb.conf looks like this: >>> >>> [global] >>> ### Network ### >>> netbios name = Fileserver >>> server string = Fileserver (%h V:%v) >>> >>> ### ad member ### >>> workgroup = INTRANET >>> realm = INTRANET.MYCOMPANY.DE >>> security = ADS >>> kerberos method = secrets and keytab >>> >>> ### WINS ### >>> wins server = 192.168.0.197 >>> name resolve order = wins host bcast >>> >>> ### logins without prepending INTRANET\ ### >>> map untrusted to domain = yes >>> >>> ### other settings ### >>> unix extensions = no >>> invalid users = root >>> >>> ### make exe files executable on windows without x bit ### >>> acl allow execute always = yes >>> >>> ### performance ### >>> deadtime = 10 >>> use sendfile = yes >>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE >>> >>> ### prevent unwanted files ### >>> veto files = /$RECYCLE.BIN/desktop.ini/Thumbs.db/.DS_Store/._.DS_Store/.apdisk/._.apdisk/.TemporaryItems/._.TemporaryItems/.Trashes/._.Trashes >>> delete veto files = yes >>> >>> ### SHARES ### >>> >>> [Exchange] >>> path = /home/nobackup/exchange >>> guest ok = yes >>> read only = no >>> create mask = 660 >>> directory mask = 770 >>> force group = exchange-users >>> >>> Greetings, >>> Felix >> Hi, when you say ' I occasionally need to remove the write permissions', whom is the 'I', is this the Administrator ? >> >> Rowland >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > I am fairly sure your problem is a misconfiguration of smb.conf, for a start have a look here: > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > > To change directory settings, your users and groups need to be known to the underlying Unix OS and have the required permissions to alter the settings. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hi Rowland,
I had to split smbd and winbindd config to work around some bugs in credentials
offline caching.
I have a separate winbindd.conf, it looks like this:
[global]
### Network ###
netbios name = Fileserver
server string = Fileserver (%h V:%v)
### ad member ###
workgroup = INTRANET
realm = INTRANET.MYCOMPANY.DE
security = ADS
kerberos method = secrets and keytab
### WINS ###
wins server = 192.168.0.197
name resolve order = wins host bcast
### winbind config ###
winbind offline logon = yes
winbind cache time = 600
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 1
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind nss info = rfc2307
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config INTRANET : backend = ad
idmap config INTRANET : schema_mode = rfc2307
idmap config INTRANET : range = 5000 - 40000
### offline mode is not working without those ###
winbind normalize names = no
map untrusted to domain = no
### performance ###
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
Greetings,
Felix
-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
Penny
Gesendet: Dienstag, 4. August 2015 15:17
An: samba at lists.samba.org
Betreff: Re: [Samba] Cannot change directory permissions
On 04/08/15 14:11, Felix Matouschek wrote:> Hi Rowland,
>
> my users are known to the OS
The smb.conf you posted earlier would seem to suggest that they aren't, what
does 'getent passwd <username>' produce ?
Rowland
> , they also have the correct permissions to alter the settings.
> Doing so on the CLI does work when logged in via SSH.
>
> When opening the Security Tab the users and groups are displayed, only on
directories there are no checkmarks under Read, Write etc.
> I also cannot set any checkmarks for Read, Write etc.
>
> When viewing the Security Tab of a file everything works and I can see and
set the checkmarks.
>
> Do you know what could be wrong?
>
> Greetings,
> Felix
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
> Rowland Penny
> Gesendet: Dienstag, 4. August 2015 12:55
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Cannot change directory permissions
>
> On 04/08/15 11:46, Felix Matouschek wrote:
>> Hi Rowland,
>>
>> when saying 'I' I theoretically meant any user that has write
access to the share.
>>
>> It should be possible to right click the directory in windows, the go
to security tab and remove the write permissions on the directory.
>>
>> This behaviour already works with files, I'm trying to figure out
how to make it also work for directories.
>>
>> Greetings,
>> Felix
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
>> Rowland Penny
>> Gesendet: Dienstag, 4. August 2015 11:57
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] Cannot change directory permissions
>>
>> On 04/08/15 10:07, Felix Matouschek wrote:
>>> Hello,
>>>
>>> I occasionally need to remove the write permissions from
directories inside a share to prevent users from accidentally deleting files
inside that directory.
>>>
>>> My problem is that I neither can view nor can change the
permissions of directories on my shares.
>>> Curiously enough viewing and changing permissions of files in the
same shares works without a problem.
>>>
>>> Is there anything I misconfigured?
>>>
>>> My smb.conf looks like this:
>>>
>>> [global]
>>> ### Network ###
>>> netbios name = Fileserver
>>> server string = Fileserver (%h V:%v)
>>>
>>> ### ad member ###
>>> workgroup = INTRANET
>>> realm = INTRANET.MYCOMPANY.DE
>>> security = ADS
>>> kerberos method = secrets and keytab
>>>
>>> ### WINS ###
>>> wins server = 192.168.0.197
>>> name resolve order = wins host bcast
>>>
>>> ### logins without prepending INTRANET\ ###
>>> map untrusted to domain = yes
>>>
>>> ### other settings ###
>>> unix extensions = no
>>> invalid users = root
>>>
>>> ### make exe files executable on windows without x bit ###
>>> acl allow execute always = yes
>>>
>>> ### performance ###
>>> deadtime = 10
>>> use sendfile = yes
>>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
>>>
>>> ### prevent unwanted files ###
>>> veto files =
/$RECYCLE.BIN/desktop.ini/Thumbs.db/.DS_Store/._.DS_Store/.apdisk/._.apdisk/.TemporaryItems/._.TemporaryItems/.Trashes/._.Trashes
>>> delete veto files = yes
>>>
>>> ### SHARES ###
>>>
>>> [Exchange]
>>> path = /home/nobackup/exchange
>>> guest ok = yes
>>> read only = no
>>> create mask = 660
>>> directory mask = 770
>>> force group = exchange-users
>>>
>>> Greetings,
>>> Felix
>> Hi, when you say ' I occasionally need to remove the write
permissions', whom is the 'I', is this the Administrator ?
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
> I am fairly sure your problem is a misconfiguration of smb.conf, for a
start have a look here:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> To change directory settings, your users and groups need to be known to the
underlying Unix OS and have the required permissions to alter the settings.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba