search for: facl

...ver: I have my shares on a partition supporting acls with ext3 /dev/md0 on /data/raid type ext3 (rw,acl,user_xattr) My new Fileserver: /dev/md0 on /data/raid type ext4 (rw,acl,user_xattr) Now I copied all my shares to the new Fileserver with rsync and backed up my acls with: getfacl -R > acls-fileserver.facl I copyied the file "acls-fileserver.facl" to the new one and tried to restore all the acls to the files and directories with: setfacl -restore=acls-fileserver.facl There I keep getting an error "Invalid argument in line 75635" Someti...

...ID. > IN-Consistent IDs on all Samba clients and servers with RID. > > > Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-) > But this is exactly why i ONLY use AD backends. > > I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files. Not now, not today. That server will be replaced in the next days, and today is a stressful and long day already. Things *worked* fine with this smb.conf for quite some time, so even when I understand the better approach you recommend, I won&...

...t up the share and filesystem permissions without using windows clients, only using command line on the server... is it possible? how do i setup share permission on home? it looks like recorded in share_info.tdb but i do not known the binary format... how do i setup file system permission using facl for extended acl like Authenticated Users: Read & Execute, List Folder Contents, Read ? Regards

On 25/10/2020 20:37, Sonic wrote: > The reset allowed the current GPO to take effect, but right after > adding a new GPO (just named it, no editing, or linking) the > sysvolcheck fails: > # samba-tool ntacl sysvolcheck > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception > - ProvisioningError: DB ACL on GPO directory >

Im seriously thinking about changing dist. due to acl won't work as they should with debian woody. Ppl also tell me this is because of some bug in debian. So, as the subject says, anybody got acl to work w/ debian 3, winbindd in a domain? If not, hello redhat.. Jacob _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online

...mailto:samba-bounces at lists.samba.org] Namens Mark > > Foley via samba > > Verzonden: woensdag 13 juni 2018 22:50 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] Admin UID changed with upgrade to 4.8.2 > > [deleted] > > > But... What does getfacl say about these files/folders Or > > get my script: > > > > > https://raw.githubusercontent.com/thctlo/samba4/master/samba-c > > heck-set-sysvol.sh > > > And see if there is something wrong here in you SID/UID mappins > > > The script does not apply...

...:03:46 /var/lib/samba/sysvol/hprs.local/policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI > > > Now this is .. Not correct... > > There is only one i think is correct. base on what you show. > -rwxrwx---+ 1 3000008 HPRS\domain admins but for that you need to show the getfacl output. > > Ok, do the following. > 1) reset the sysvol rights with my script and reapply to all folders recursive. > start here: /var/lib/samba/sysvol A bit unclear on this. You say to "reset the sysvol rights with my script." I assume that to actually do the update you...

...01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01f f;;;SY)(A;OICI;0x001200a9;;;AU) samba-tool ntacl get --as-sddl /var/lib/samba/sysvol/$(hostname -d)/Policies/ O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01f f;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA) getfacl /var/lib/samba/sysvol/$(hostname -d)/Policies/ getfacl: Removing leading '/' from absolute path names # file: var/lib/samba/sysvol/my.domain.tld/Policies/ # owner: root # group: BUILTIN\\administrators user::rwx user:root:rwx user:BUILTIN\\administrators:rwx user:BUILTIN\\server\040operator...

...yyyy) This mount contains a rsync /home-Backup. All home-folders are owned by nobody:nobody, stat displays uid and gid = 99. Folder permissions are 700. I'm very surprised, that I can access my own home, but no foreign folders, although it looks like permissions are all the same. There are no facls set. I cannot login on the NFS-server, but is it possible that NFS-client shows wrong permissions? - Chris

On Mon, Dec 15, 2014 at 2:08 PM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > It looks like you are trying to do the same as I did. Did you read the > thread I had some days ago with subject "How to copy roaming profiles to > new server ? ("Group policy client service failed. The logon access is > denied")" ? > Yes, I read that thread. However,

...t IDs on all Samba clients and servers with RID. >> >> >> Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-) >> But this is exactly why i ONLY use AD backends. >> >> I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files. > > Not now, not today. > > That server will be replaced in the next days, and today is a stressful > and long day already. > > Things *worked* fine with this smb.conf for quite some time, so even > when I understand t...

...If I go into NT, Windows Explorer and do a properties on a file, there is a section that allows you to set, essentially, ACLs on a file...allow various individual users or groups of users to access the file without opening it up to everything... Under Solaris, I can do this also using {get,set}facl ... is there a way of doing this using Samba 2.x? Is anyone working on this, by some chance? Thanks... Marc G. Fournier Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org

Hi, After upgrading to Samba 3.3.10 (Mandriva 2009.0), I'm unable to use wbinfo to do anything. Previous to the upgrade, it was working fine. I upgraded to support a new Windows 2008 R2 server (previously Windows 2000). # wbinfo -p Ping to winbindd failed could not ping winbindd! # ps -A|grep winbind 31955 ? 00:00:00 winbindd 31962 ? 00:00:00 winbindd The "net ads"

...ion on file system acls and posix permissions . I'm looking to better secure access to the files by trimming some of the permissions etc. 1) What services could break if I change the umask from 022 to 007 thus by default only user and group have rw access to the files and directories ignoring facls ? 2) I have found that using samba and NFS to share the same file system are not so grate as when some windows file permissions are set this cause the file permissions to be more open eg permissions for other get set to rwx, when this is not wanted as over NFS this grants everyone access to the f...

Hello everybody, I would like to know if there is a plugin that allow us to manage advances ACL on a linux system (Debian ) Because for the moment,the idea to use "exec setfacl" to set my ACLs sounds a little bit "dirty" Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-u...

...ID: S-1-5-21-2009448231-1530593524-1969381020-512 sambaGroupType: 2 displayName: Domain Admins memberUid: root Now for the weird behavior: granting access to "Domain Admins" through Windows XPs "security" tab (I have acl support compiled in) to a file yields out the following facl on the unix side: user::rwx group::rw- #effective:rw- group:2147483404:r-x #effective:r-x mask:rwx other:r-- GID for "Domain Admins" is fishy. Things look OK on the Windows side of things though (in the security tab, Domain Admins is right there with proper per...

...9; will only show numbers, this is because the OS doesn't know who the numbers are. > > With 4.8.2 on my DC's i see: > ls -al sysvol/ > drwxrwx---+ 5 root BUILTIN\administrators 4096 Dec 21 13:14 > internal.domain.tld > > Note the ^^^ (+) in above line, then use getfacl to see all ACL's > If you use chmod, you might destroy your very needed windows ACL's > > And i see with getfacl And Louis also uses 'acl_xattr:ignore system acls = yes', this means that you can ignore the system ACL and what getfacl produces. The permissions you set fr...

...ents and servers with RID. >>> >>> >>> Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-) >>> But this is exactly why i ONLY use AD backends. >>> >>> I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files. >> Not now, not today. >> >> That server will be replaced in the next days, and today is a stressful >> and long day already. >> >> Things *worked* fine with this smb.conf for quite some time, so even >>...

...don't fit into Windows or NFSv4 security model, which makes interoperability between these systems harder; finally, they don't work with ZFS. The aim of my GSoC project was to implement NFSv4 ACLs in a similar way POSIX.1e ACLs are supported. That was done by extending user utilities (setfacl(1)/getfacl(1)), libc API and adding neccessary kernel stuff. Semantics is supposed to be identical to the one in SunOS. There is also a wrapper (distributed separately) that implements SunOS-compatible acl(2)/facl(2) API, to make porting applications like Samba easier. Userland tools - setfacl(1...

...s now and I can't figure out what is broken. Google turns up similar issues from years back, but I hope this is a bug resurfacing. ACL entries are being deleted when files are saved. Here is an example: username: user1 group membership: Domain Users directory: /share/test file: test.xls getfacl /share # file: share # owner: DOMAIN+backupuser # group: DOMAIN+domain\040users user::rwx user:DOMAIN+backupuser:rwx group::rwx group:DOMAIN+domain\040users:rwx mask::rwx other::rwx getfacl /share/test # file: share/test # owner: DOMAIN+backupuser # group: DOMAIN+domain\040admins user::rwx group...