Marco Shmerykowsky
2019-Feb-19 21:13 UTC
[Samba] Computer Management - Share Security - No Read Access
On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
> On Tue, 19 Feb 2019 15:25:51 -0500
>
>> What exactly does "START AGAIN" imply? Just chmod?
>
> 'ls' shows the correct ownership and Unix permissions:
>
> drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13 programs
>
> But 'getfacl' show something different:
>
> getfacl: Removing leading '/' from absolute path names
> # file: server
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> So what I am suggesting is that you use 'setfacl' to remove the
> extended ACL's, it is the only thing I can see different between my
> working system and your non-working system
>
> Rowland

root at machine253:/server# setfacl -b /server/users

root at machine253:/server# chmod 0770 /server/programs
root at machine253:/server# ls -l
total 20
drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs

root at machine253:/server# getfacl /server/programs
getfacl: Removing leading '/' from absolute path names
# file: server/programs
# owner: root
# group: domain\040admins
user::rwx
group::rwx
other::---

No Change
Rowland Penny
2019-Feb-19 21:22 UTC
[Samba] Computer Management - Share Security - No Read Access
On Tue, 19 Feb 2019 16:13:27 -0500
Marco Shmerykowsky <marco at sce-engineers.com> wrote:

>
> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
> > On Tue, 19 Feb 2019 15:25:51 -0500
> >
> >> What exactly does "START AGAIN" imply? Just chmod?
> >
> > 'ls' shows the correct ownership and Unix permissions:
> >
> > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13
> > programs
> >
> > But 'getfacl' show something different:
> >
> > getfacl: Removing leading '/' from absolute path names
> > # file: server
> > # owner: root
> > # group: root
> > user::rwx
> > group::r-x
> > other::r-x
> >
> > So what I am suggesting is that you use 'setfacl' to remove the
> > extended ACL's, it is the only thing I can see different between my
> > working system and your non-working system
> >
> > Rowland
>
> root at machine253:/server# setfacl -b /server/users
>
> root at machine253:/server# chmod 0770 /server/programs
> root at machine253:/server# ls -l
> total 20
> drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs
>
>
> root at machine253:/server# getfacl /server/programs
> getfacl: Removing leading '/' from absolute path names
> # file: server/programs
> # owner: root
> # group: domain\040admins
> user::rwx
> group::rwx
> other::---
>
> No Change

When you say 'No Change' I take it you mean that it is still not
working from Windows, because there is a change on the Unix side,
'Domain Admins' now has the required Unix permissions.

One other thing, I cannot remember asking if Apparmor or Selinux is
installed and enabled.

Rowland
Marco Shmerykowsky
2019-Feb-19 21:42 UTC
[Samba] Computer Management - Share Security - No Read Access
---
Marco J. Shmerykowsky, P.E.
marco at sce-engineers.com
--------------------------------------------
Shmerykowsky Consulting Engineers
Structural Analysis & Design
102 West 38th Street, 2nd Floor
New York, New York 10018
Tel. (212)719-9700
Fax. (212)719-4822
http://www.sce-engineers.com
--------------------------------------------

On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
> On Tue, 19 Feb 2019 16:13:27 -0500
> Marco Shmerykowsky <marco at sce-engineers.com> wrote:
>
>>
>> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
>> > On Tue, 19 Feb 2019 15:25:51 -0500
>> >
>> >> What exactly does "START AGAIN" imply? Just chmod?
>> >
>> > 'ls' shows the correct ownership and Unix permissions:
>> >
>> > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13
>> > programs
>> >
>> > But 'getfacl' show something different:
>> >
>> > getfacl: Removing leading '/' from absolute path names
>> > # file: server
>> > # owner: root
>> > # group: root
>> > user::rwx
>> > group::r-x
>> > other::r-x
>> >
>> > So what I am suggesting is that you use 'setfacl' to remove the
>> > extended ACL's, it is the only thing I can see different between my
>> > working system and your non-working system
>> >
>> > Rowland
>>
>> root at machine253:/server# setfacl -b /server/users
>>
>> root at machine253:/server# chmod 0770 /server/programs
>> root at machine253:/server# ls -l
>> total 20
>> drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs
>>
>>
>> root at machine253:/server# getfacl /server/programs
>> getfacl: Removing leading '/' from absolute path names
>> # file: server/programs
>> # owner: root
>> # group: domain\040admins
>> user::rwx
>> group::rwx
>> other::---
>>
>> No Change
>
> When you say 'No Change' I take it you mean that it is still not
> working from Windows, because there is a change on the Unix side,
> 'Domain Admins' now has the required Unix permissions.

Correct. In Computer Manager I can not access anything on the share
except for the share permissions.

I've also been trying to create "user directory" using %LogonUser% via
a group profile. That doesn't seem to be working, but I don't know if
it's related.

>
> One other thing, I cannot remember asking if Apparmor or Selinux is
> installed and enabled.
>
> Rowland

I tried sestatus and apparmor_status and both returned 'command not found'
so I assume they're not running. I installed Debian 9 from the LiveCD
with the cinnamon desktop.
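
The thread turns on the difference between what 'ls -l' shows (a trailing '+') and what 'getfacl' actually lists. The script below is an added example, not part of any poster's message: it classifies getfacl output as a minimal ACL (only the three base entries) or an extended one, and decodes the \040 escape in the group header. The function names are hypothetical; the first sample is the getfacl output posted above, the second is constructed.

```shell
#!/bin/sh
# Classify getfacl output read from stdin: "extended" if the ACL has
# anything beyond the three base entries (the case 'ls -l' marks with a
# trailing '+'), otherwise "minimal".
acl_kind() {
    awk -F: '
        /^#/ || NF == 0 { next }                       # header comments, blank lines
        $1 == "default" || $1 == "mask" { ext = 1 }    # default ACL or mask entry
        ($1 == "user" || $1 == "group") && $2 != "" { ext = 1 }   # named entry
        END { print (ext ? "extended" : "minimal") }
    '
}

# Print the owning group from the "# group:" header, turning the octal
# escape getfacl uses for a space (\040) back into a space.
acl_group() {
    sed -n 's/^# group: //p' | sed 's/\\040/ /g'
}

# getfacl output for /server/programs as posted after 'setfacl -b' and chmod.
sample_after_reset() {
cat <<'EOF'
# file: server/programs
# owner: root
# group: domain\040admins
user::rwx
group::rwx
other::---
EOF
}

# Constructed sample: the same directory with one named group entry and a mask.
sample_with_named_entry() {
cat <<'EOF'
# file: server/programs
# owner: root
# group: domain\040admins
user::rwx
group::rwx
group:domain\040users:r-x
mask::rwx
other::---
EOF
}

printf 'posted output:      %s (owning group: %s)\n' \
    "$(sample_after_reset | acl_kind)" "$(sample_after_reset | acl_group)"
printf 'constructed sample: %s\n' "$(sample_with_named_entry | acl_kind)"
```

On a live system the same functions take real output, for example `getfacl /server/programs 2>/dev/null | acl_kind`.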