search for: sacl

Hello, I tried this week to upgrade my samba 3.2.4 (2 PDCs one trusting the other) to samba 3.3.0 then samba 3.3.1, and apart from the problem with winbindd and trusted domain, my users are not able to modify any ms word document (excel does the same). You can open the file correctly, modify it, and when saving it, it pops up "Access denied" If you try to save the file in the same

...ol step2: reshuffle the data by columns then do step1, this step need to run 10000 times; output will be 23*10000=230,000 rows. Can anyone point out how to automate this 10000 runs in R? Thanks, -- View this message in context: http://r.789695.n4.nabble.com/re-sampling-of-large-sacle-data-tp2304165p2304165.html Sent from the R help mailing list archive at Nabble.com.

...S/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: vgiffin at apple.com Created an attachment (id=1420) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1420) SACL support for sshd on Mac OS X. Attached is a patch for building OpenSSH 4.7p1 on Mac OS X. This patch adds SACL support to ssh for Mac OS X. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assign...

...n under the covers, so I''ll comment on the C++ API I created. Most of what I write is about our implementation rather than your prototype. I note that you aren''t (yet?) targeting a NTSD (SecurityDescriptor) yet. This is a good thing to have, it contains the owner, group, DACL and SACL - each of which is optional depending on LDAP server options set before the LDAP query is made. The owner and group are just SIDs, the DACL (Discretionary ACL) is what you normally look at, and the SACL or System ACL is for audit (secret police) type features, normally visible only to domain admins...

...S_SYSTEM_SECURITY in the DesiredAccess mask? I?m particularly interested in cases where the SMB client is connected as an authenticated user with administrative (superuser) privileges on the share, and has made the request on a directory. Should such a client expect full (read/change) access to the SACL (under any conditions)? The question above is theoretical in nature. Practically speaking, does any version of the Samba server respond correctly to the request described above? I have a Windows application that makes such a request, and have tested it against Samba server versions 3.5.10-125.el6...

...OL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-21-197107965-2004198405-1252158227-512 group_sid : * group_sid : S-1-5-21-197107965-2004198405-1252158227-512 sacl : * sacl: struct security_acl revision : SECURITY_ACL_REVISION_ADS (4) size : 0x0078 (120) num_aces : 0x00000002 (2) [...] I assume that it isn't safe to use ldbe...

Hello: I have a Windows 2003 Server that is causing rpcclient to SEGV via the following command: $ rpcclient -U Administrator%foobar -c 'netshareenum 502' <server> ... type: 0x6269: SEC_DESC_OWNER_DEFAULTED SEC_DESC_DACL_DEFAULTED SEC_DESC_SACL_DEFAULTED SEC_DESC_DACL_TRUSTED SEC_DESC_SACL_AUTO_INHERIT_REQ SEC_DESC_SACL_PROTECTED SEC_DESC_RM_CONTROL_VALID SACL Segmentation fault (core dumped) I did a little poking and it seems that the issue is here: source3/rpcclient/cmd_srvsvc.c: 384 case 502: 385 for (i = 0; i < total...

..._SELF_RELATIVE > owner_sid : * > owner_sid : > S-1-5-21-197107965-2004198405-1252158227-512 > group_sid : * > group_sid : > S-1-5-21-197107965-2004198405-1252158227-512 > sacl : * > sacl: struct security_acl > revision : SECURITY_ACL_REVISION_ADS (4) > size : 0x0078 (120) > num_aces : 0x00000002 (2) > [...] > > I assume...

Hello R-helpers I want to put a color scale in a plot: I've got an xy plot where the values of the response (z=f(x,y)) is symbolically given by colors (like heat or rainbow color scale) I would like to put such a scale with apprpriates labels in the plot, so as to facilitate the interpretation (like in a finite elements result plot) How is taht possible? Thanks Anne [[alternative

Thank you Andrew and Rowland. (Rowland - I tried 'samba-tool dsacl get', thank you! but found the output hard to decipher so I used ldp.exe on Windows instead in the end) On Wed, 22 Nov 2023 at 20:22, Andrew Bartlett <abartlet at samba.org> wrote: > > On Wed, 2023-11-22 at 17:33 +0000, Jonathan Hunter wrote: > > Are permissions checked in a...

On Wed, 2023-11-22 at 17:33 +0000, Jonathan Hunter wrote: > On Wed, 22 Nov 2023 at 01:03, Andrew Bartlett < > abartlet at samba.org > > wrote: > > Are you sure that the ACLs on all the items in the chain should > > allow reading? > > It's an excellent question, thank you - I'd like to just say "Yes" > but > I will certainly check, as

Hi, A while ago I successfully set permissions on a section of my LDAP / AD tree, using either ADUC or ADSIEDIT (I forget which). These permissions allowed my own user to access this section of the tree; I removed permissions for 'Domain Admins' etc. to ensure that others would not be able to view or change the data - this has worked great for many months. I have just tried to add a new

...the NFSv4 ACL handling code is surrounded by #ifdef SUPPORT_NFS4_ACLS - the parts that handle sending and receiving the ACL type used in the higher protocol version are compiled in unconditionally The remaining to-dos are: * autoconf integration * move platform-specific code from acl.c to lib/sysacls.c or a new file lib/sysnfs4acls.c ? * wasn't sure how to SUBPROTOCOL_VERSION worked so I've revved PROTOCOL_VERSION to 31 - if this is agreed we need to set all the code that references the higher protocol version to use the right number * rebase off HEAD fake-super support is done. I...

...RITY_DESCRIPTOR_REVISION_1 (1) > ???????type ????????????????????: 0x9004 (36868) > ??????????????0: SEC_DESC_OWNER_DEFAULTED > ??????????????0: SEC_DESC_GROUP_DEFAULTED > ??????????????1: SEC_DESC_DACL_PRESENT > ??????????????0: SEC_DESC_DACL_DEFAULTED > ??????????????0: SEC_DESC_SACL_PRESENT > ??????????????0: SEC_DESC_SACL_DEFAULTED > ??????????????0: SEC_DESC_DACL_TRUSTED > ??????????????0: SEC_DESC_SERVER_SECURITY > ??????????????0: SEC_DESC_DACL_AUTO_INHERIT_REQ > ??????????????0: SEC_DESC_SACL_AUTO_INHERIT_REQ > ??????????????0: SEC_DESC_DACL_AUTO_INHERIT...

...VISION_1 (1) > type : 0x9004 (36868) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC...

...ax shares = 1000 usershare path = /var/samba/shares usershare owner only = no usershare allow guests = yes usershare allow full config = yes ; Filter inaccessible shares from the browse list. com.apple:filter shares by access = yes ; Check in with PAM to enforce SACL access policy. obey pam restrictions = yes ; Don't be trying to enforce ACLs in userspace. acl check permissions = no ; Make sure that we resolve unqualified names as NetBIOS before DNS. name resolve order = lmhosts wins bcast host ; Pull in system-wide prefer...

On 11/04/2023 13:36, Gary Dale via samba wrote: > On 2023-04-11 04:15, Rowland Penny via samba wrote: >> >> >> What 'Debian distribution-specific' installation did you follow ? > The one linked to in AD DC wiki. Where abouts is this link ? I checked here: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller But couldn't

...user = true' for service Unknown Service (snum == -1) security_descriptor: struct security_descriptor revision: SECURITY_DESCRIPTOR_REVISION_1 (1) type: 0x9114 (37140) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 1: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 1: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 1: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_...

...want. My goal is, (1) to create a new Set of ACLs at directory "HERE" and (2) "set" the Windows checkbox "Replace all child object permission entries with inheritable permission entries from this object" My command looks like: smbcacls //mynas/share1 some/path/HERE -SACL:rw_group:ALLOWED/CI|OI/CHANGE,ACL:ro_group:ALLOWED/CI|OI/READ --propagate-inheritance -I allow #omitted credentialstuff part (1) does work - all inherited permissions from "share1", "some" and "path" are dropped on directory "HERE" and replaced by the two gr...

...(sxp); return -1; } - } else if (errno == ENOTSUP) { + } else if (errno == ENOTSUP || errno == ENOSYS) { /* ACLs are not supported, so pretend we have a basic ACL. */ if (type == SMB_ACL_TYPE_ACCESS) rsync_acl_fake_perms(racl, sxp->st.st_mode); @@ -1058,6 +1058,9 @@ if (sacl == NULL) { /* Couldn't get an ACL. Darn. */ switch (errno) { + case ENOSYS: + /* ACL functions aren't implemented... */ + break; case ENOTSUP: /* ACLs are disabled. We could yell at the user to turn them on, but... */ break; Any comments? Paul Slootman