Hi all,
I'm running a small (50 users) AD with an AD-DC and a Domain Member as the
file server. Both running debian Stretch and self-compiled samba 4.6.12.
Bind as DNS.
Multiple shares configured using windows ACLs. All work as expected except
for User Home Folders (https://wiki.samba.org/index.php/User_Home_Folders).
I've created a folder for each user under samba_homes/ and gave full
control to each user to his "folder, sub folder and files". Users can
create and delete subfolders, can create files, open and write to files,
but cannot delete or rename files.
If I check properties on files, I can see that both "full control" and
"modify" are off. Even if I force them by going to the file
properties, I
can't get the modify flag to stick.
Any ideas? I'm running out of them...
Thanks
my smb.conf:
[global]
security = ADS
workgroup = SOMEDOM
realm = SOMEDOM.LOCAL
username map = /usr/local/samba/etc/user.map
log file = /var/log/samba/%m.log
log level = 2
server role = member server
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# winbind nss info = template
# template shell = /bin/bash
# template homedir = /home/%U
idmap config SOMEDOM : backend = rid
idmap config SOMEDOM : range = 10000-999999
# winbind enum groups = yes
# winbind enum users = yes
winbind use default domain = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
aio read size = 16384
aio write size = 16384
aio write behind = true
use sendfile = true
read raw = true
min receivefile size = 16384
[Casa]
comment = personal folders
path = /mnt/disco2/samba_homes
read only = no
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:failure = none
full_audit:success = none
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[Financeiro]
comment = Departamento Financeiro
writeable = yes
path = /mnt/disco2/Users/Financeiro
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:failure = none
full_audit:success = connect disconnect mkdir rmdir pread pwrite $
full_audit:facility = LOCAL6
full_audit:priority = NOTICE
[RecHumanos]
comment = Departamento Recursos Humanos
writeable = yes
path = /mnt/disco2/Users/RecHumanos
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:failure = none
full_audit:success = connect disconnect mkdir rmdir pread pwrite u$
full_audit:facility = LOCAL6
full_audit:priority = NOTICE
On Wed, 14 Feb 2018 00:24:00 +0000 Carlos Jesus via samba <samba at lists.samba.org> wrote:> Hi all, > I'm running a small (50 users) AD with an AD-DC and a Domain Member > as the file server. Both running debian Stretch and self-compiled > samba 4.6.12. Bind as DNS. > Multiple shares configured using windows ACLs. All work as expected > except for User Home Folders > (https://wiki.samba.org/index.php/User_Home_Folders). I've created a > folder for each user under samba_homes/ and gave full control to each > user to his "folder, sub folder and files". Users can create and > delete subfolders, can create files, open and write to files, but > cannot delete or rename files. If I check properties on files, I can > see that both "full control" and "modify" are off. Even if I force > them by going to the file properties, I can't get the modify flag to > stick. Any ideas? I'm running out of them... > Thanks > > my smb.conf: > [global] > > vfs objects = acl_xattr > > [Casa] > comment = personal folders > path = /mnt/disco2/samba_homes > read only = no > vfs objects = full_auditTwo thing here, what are you mounting the shares from ?, this may have a bearing, but I think your main problems is that you may have turned off 'acl_xattr' on the shares. Try changing the 'vfs objects' line in [global] to 'vfs objects = acl_xattr full_audit' and remove the 'vfs objects' lines from the shares. Rowland