hi
i have two domain controllers and a domain member setup to serve home
directories,
the file system on the server is btrfs and the home directory is a
subvolume,
i have rsat installed on a windows 10 pro laptop with which i use to
administer my domain as administrator,
following the web page
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
i get to Setting ACLs on a Folder,
when i select the security tab i get - you must have read permission to
view the properties of this object.
i tried the advance button which indicated that it was unable to display
current owner,
when selecting the permission tab it responded - you do not have
permission to view or edit this objects permission setting,
i changed the current owner to administrator when i pressed apply it
responded - unable to select new owner on directory access is denied.
how do i sort out the permission problem ?
$ ls -al /smb
drwxr-xr-x 8 root root 4096 Jul 3 2017 .
drwxr-xr-x 18 root root 4096 Dec 28 17:18 ..
drwxrwx--- 1 root domain admins 32 Oct 30 2016 home
$ ls -al /smb/home
drwxrwx--- 1 root domain admins 32 Oct 30 2016 .
drwxr-xr-x 8 root root 4096 Jul 3 2017 ..
drwxrwxr-x+ 1 philmore domain users 228 Jul 1 2017 philmore
sudo net rpc rights list privileges SeDiskOperatorPrivilege -U
"MYDOM\administrator"
Enter MYDOM\administrator's password:
SeDiskOperatorPrivilege:
MYDOM\Domain Admins
BUILTIN\Administrators
$ getfacl /smb/home
getfacl: Removing leading '/' from absolute path names
# file: smb/home
# owner: root
# group: domain\040admins
user::rwx
group::rwx
other::---
$ sudo getfattr -d /smb/home
$
(nothing returned from getfattr)
domain\admin has full control/change and read ,
domain/user have change and read on share permission
shadrock
