Marco Shmerykowsky
2019-Feb-19 21:13 UTC
[Samba] Computer Management - Share Security - No Read Access
On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:> On Tue, 19 Feb 2019 15:25:51 -0500>> What exactly does "START AGAIN" imply? Just chmod? > > 'ls' shows the correct ownership and Unix permissions: > > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13 programs > > But 'getfacl' show something different: > > getfacl: Removing leading '/' from absolute path names > # file: server > # owner: root > # group: root > user::rwx > group::r-x > other::r-x > > So what I am suggesting is that you use 'setfacl' to remove the > extended ACL's, it is the only thing I can see different between my > working system and your non-working system > > Rowlandroot at machine253:/server# setfacl -b /server/users root at machine253:/server# chmod 0770 /server/programs root at machine253:/server# ls -l total 20 drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs root at machine253:/server# getfacl /server/programs getfacl: Removing leading '/' from absolute path names # file: server/programs # owner: root # group: domain\040admins user::rwx group::rwx other::--- No Change
Rowland Penny
2019-Feb-19 21:22 UTC
[Samba] Computer Management - Share Security - No Read Access
On Tue, 19 Feb 2019 16:13:27 -0500 Marco Shmerykowsky <marco at sce-engineers.com> wrote:> > On 2019-02-19 3:47 pm, Rowland Penny via samba wrote: > > On Tue, 19 Feb 2019 15:25:51 -0500 > > >> What exactly does "START AGAIN" imply? Just chmod? > > > > 'ls' shows the correct ownership and Unix permissions: > > > > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13 > > programs > > > > But 'getfacl' show something different: > > > > getfacl: Removing leading '/' from absolute path names > > # file: server > > # owner: root > > # group: root > > user::rwx > > group::r-x > > other::r-x > > > > So what I am suggesting is that you use 'setfacl' to remove the > > extended ACL's, it is the only thing I can see different between my > > working system and your non-working system > > > > Rowland > > root at machine253:/server# setfacl -b /server/users > > root at machine253:/server# chmod 0770 /server/programs > root at machine253:/server# ls -l > total 20 > drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs > > > root at machine253:/server# getfacl /server/programs > getfacl: Removing leading '/' from absolute path names > # file: server/programs > # owner: root > # group: domain\040admins > user::rwx > group::rwx > other::--- > > No ChangeWhen you say 'No Change' I take it you mean that it is still not working from Windows, because there is a change on the Unix side, 'Domain Admins' now has the required Unix permissions. One other thing, I cannot remember asking if Apparmor or Selinux is installed and enabled. Rowland
Marco Shmerykowsky
2019-Feb-19 21:42 UTC
[Samba] Computer Management - Share Security - No Read Access
---
Marco J. Shmerykowsky, P.E.
marco at sce-engineers.com
--------------------------------------------
Shmerykowsky Consulting Engineers
Structural Analysis & Design
102 West 38th Street, 2nd Floor
New York, New York 10018
Tel. (212)719-9700 Fax. (212)719-4822
http://www.sce-engineers.com
--------------------------------------------
On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:> On Tue, 19 Feb 2019 16:13:27 -0500
> Marco Shmerykowsky <marco at sce-engineers.com> wrote:
>
>>
>> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
>> > On Tue, 19 Feb 2019 15:25:51 -0500
>>
>> >> What exactly does "START AGAIN" imply? Just chmod?
>> >
>> > 'ls' shows the correct ownership and Unix permissions:
>> >
>> > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13
>> > programs
>> >
>> > But 'getfacl' show something different:
>> >
>> > getfacl: Removing leading '/' from absolute path names
>> > # file: server
>> > # owner: root
>> > # group: root
>> > user::rwx
>> > group::r-x
>> > other::r-x
>> >
>> > So what I am suggesting is that you use 'setfacl' to
remove the
>> > extended ACL's, it is the only thing I can see different
between my
>> > working system and your non-working system
>> >
>> > Rowland
>>
>> root at machine253:/server# setfacl -b /server/users
>>
>> root at machine253:/server# chmod 0770 /server/programs
>> root at machine253:/server# ls -l
>> total 20
>> drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs
>>
>>
>> root at machine253:/server# getfacl /server/programs
>> getfacl: Removing leading '/' from absolute path names
>> # file: server/programs
>> # owner: root
>> # group: domain\040admins
>> user::rwx
>> group::rwx
>> other::---
>>
>> No Change
>
> When you say 'No Change' I take it you mean that it is still not
> working from Windows, because there is a change on the Unix side,
> 'Domain Admins' now has the required Unix permissions.
Correct. In Computer Manager I can not access anything on the
share except for the share permissions.
I've also been trying to create "user directory" using %LogonUser%
via a group profile. That deosn't seem to be working, but I don't
know if it's related.>
> One other thing, I cannot remember asking if Apparmor or Selinux is
> installed and enabled.
>
> Rowland
I tried sestatus and apparmor_status and bith returned 'command not
found'
so I assume they're not running. I installed Debian 9 from the LiveCD
with the cinnamon desktop.
Reasonably Related Threads
- Computer Management - Share Security - No Read Access
- Computer Management - Share Security - No Read Access
- Computer Management - Share Security - No Read Access
- Computer Management - Share Security - No Read Access
- Computer Management - Share Security - No Read Access