Thank you, but this did nothing. Users from group 'g02' can access folder '01'. But this folder has ACL set up only for group 'g01'> You could investigate using 'access based share enum = yes' > > and setting the permissions from Windows, see here: > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > You will also need to remove these lines: > > valid users = @"Domain Users" @"Domain Admins" @all > admin users = admin @it > # inherit acls = yes > force create mode = 0777 > directory mask = 0770 > hide unreadable = yes > > Rowland
On Wed, 12 Apr 2017 15:48:10 +0300 Dmitry via samba <samba at lists.samba.org> wrote:> Thank you, but this did nothing. Users from group 'g02' can access > folder '01'. But this folder has ACL set up only for group 'g01'Did you remove the lines from the share ? Did you restart smbd, nmbd and winbind ? can you post the result of: ls -lad /path/to/01 getfacl /path/to/01 Rowland> > > > You could investigate using 'access based share enum = yes' > > > > and setting the permissions from Windows, see here: > > > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > > > You will also need to remove these lines: > > > > valid users = @"Domain Users" @"Domain Admins" @all > > admin users = admin @it > > # inherit acls = yes > > force create mode = 0777 > > directory mask = 0770 > > hide unreadable = yes > > > > Rowland >
Please keep on list ;-) On Wed, 12 Apr 2017 16:31:45 +0300 it at mdsdnr.ru wrote:> > Did you remove the lines from the share ? > Yes > > > Did you restart smbd, nmbd and winbind ? > Yes > > > can you post the result of: > > ls -lad /path/to/01 > drwxrwxr-x+ 4 admin g01 4096 Apr 12 15:36 01 > > > > getfacl /path/to/01 > # file: 01 > # owner: admin > # group: g01 > user::rwx > user:u01:rwx > group::rwx > group:admin:rwx > group:g01:rwx > mask::rwx > other::r-x > default:user::rwx > default:user:admin:rwx > default:user:u01:rwx > default:group::r-x > default:group:g01:rwx > default:mask::rwx > default:other::r-xFrom the 'getfacl': 'others' can read & execute, remove the ACE that is allowing this. Rowland