Mandi! Rowland Penny via samba
In chel di` si favelave...
>> acl_xattr:default acl style = windows
>> acl_xattr:ignore system acls = yes
> Why have you added those two last lines ?
Ahem, really you need an answer?! ;-)
I don't remember... ;-(((
>> What i'm missing?! Thanks.
> Well, because you have added this line:
> acl_xattr:ignore system acls = yes
If acl_xattr:ignore system acls is set to yes, the following
additional settings will be enforced:
??? create mask = 0666
??? directory mask = 0777
RTFM, indeed...
Sorry for the noise...
> You can read these on Linux with:
> sudo samba-tool ntacl get /srv/samba/profiles --as-sddl
I've not understood why you as me this, but, anyway:
root at vdmacpn1:~# samba-tool ntacl get /srv/samba/profiles --as-sddl
O:S-1-5-21-2656668478-4232595426-3015587126-1106G:S-1-5-21-2656668478-4232595426-3015587126-1104D:P(A;;0x001f01ff;;;S-1-5-21-2656668478-4232595426-3015587126-1106)(A;;0x001f01ff;;;S-1-5-21-2656668478-4232595426-3015587126-1104)(A;;0x001200a9;;;WD)
Ah! I remember because i've set 'acl_xattr:ignore system acls =
yes': simply
profile folders creation does not worked, and i've fiddled a bit.
If i can read well the wiki, the permission needed are:
+ full control to everyone for the share permission
+ in the folder permission:
- special permission to create (and access) the folders to Domain Users
- full control to SYSTEM, CREATOR OWNER and Domain Admins.
But still plain POSIX (ugo) permissione have to permit access to the folder,
right? So i need to do:
chown <whatever>:'Domain Users' /srv/samba/profiles
chmod 770 /srv/samba/profiles
Right? If yes, it missed from the wiki... at least from:
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles#Using_Windows_ACLs
probably reading:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
can give some hints, but...
--
Software patents are like smoke: ?it started with an experiment to improve
health. It tasted quite good and it soon became a fashion statement. But
today smoking kills not only those who smoke but also those who breathe
nearby.? (Marten Mickos)