Patrick Goetz
2022-Mar-09 14:48 UTC
[Samba] Samba as Domain Member: user get permission denied accessing share...
On 3/9/22 08:26, Rowland Penny via samba wrote:> On Wed, 2022-03-09 at 08:17 -0600, Patrick Goetz via samba wrote: >> The UNIX permissions on the /srv/samba folder indicate that no one >> outside the domain admins group will have access to anything inside >> /srv/samba (no matter what POSIX ACLs are set or what the Windows >> permissions show). >> >> # chmod 775 /srv/samba >> >> and try again. > > The idea is that you set the permissions to '0770' and then a member of > Domain Admins sets the required permissions from Windows. >OK, but that presumably resets the "o" permissions on /srv/samba or linux will not let non-domain admins access the contents of that folder. I was preparing to post about my frustrations with permissions issues, but let me ask separately: why is it necessary to set subsequent permissions from Windows?> Rowland > > >
Rowland Penny
2022-Mar-09 15:00 UTC
[Samba] Samba as Domain Member: user get permission denied accessing share...
On Wed, 2022-03-09 at 08:48 -0600, Patrick Goetz via samba wrote:> > OK, but that presumably resets the "o" permissions on /srv/samba or > linux will not let non-domain admins access the contents of that > folder.It doesn't reset the 'o' permissions and non-domain admins will not have access, unless you set them using setfacl, but you shouldn't do this if you are setting the permissions from Windows.> > > I was preparing to post about my frustrations with permissions > issues, > but let me ask separately: why is it necessary to set subsequent > permissions from Windows?There are two ways of setting permissions: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs If you only have Linux clients, follow the first. If you only have Windows clients, follow the second You should not mix the two ways of setting permissions, pick one and stick to it. Rowland