similar to: Proposal to allow owning group to edit ACLs.

Dear Samba members, I am wondering if on joining a realm (with security=ADS), samba 3.x server gets automatically registered with MS Dynamic DNS server. My test with Samba 3.0.14a on linux did not reveal any such capability. But may be because I did not use the correct option? I would appreciate any help. Thanks in advance, -Arup Biswas

Hi, We would like to aggregate departmental servers on to a single samba share called "departments" and under departments would be a set of folders corresponding to the departments. Permissions need to be controlled by group memberships in active directory. When I go into folder properties on an XP with the departments share mounted, under the security tab I see Administrators,

Hello, I have a share [/projects] with multiple directories inside, each created for purpose of different projects. On Win2K I was able to specify users who were allowed to access particular directories and in some cases particular files (in case there is any secret file I was allowing access only to one person responsible for the project). I was wondering if it is possible to switch all server

Hi all, Playing with delegation today we delegated rights to some user on some OU and its contents for it can modify users inside that OU and children. We used "advanced view" in ADUC then "properties" on our delegated OU, then "security" tab, and finally we gave rights to our user. Perhaps this process is not correct but we believe it is a valid process to delegate

Hi all, I can make a simple change to smbd for the next stable release that will cause POSIX ACLs to be checked before returning the DOS mode of a file is "read-only". This will fix the case that people are complaining about where a POSIX ACL allows write access to a file but the standard owner "w" bit is missing (smbd currently returns DOS read-only for that case if the DOS

On Wed, Aug 24, 2016 at 04:06:42PM +0200, Ralph Böhme via samba wrote: > > Yeah, as much as I'd like to avoid adding a new option, I guess we > have to do something about it, my latest take on this is > > acl_xattr:default acl style = [posix|windows] > > This parameter determines the type of ACL that is > synthesized in case a file or

> > I am not sure how to use Microsoft AD tools to create shares and then > set > those shares permissable to certain AD groups. For example, I need to > create > a share called "Finance" and only the people in Finance can read/write > to > it. I was hoping to use SWAT to help in creation and management of > those > shares. vi smb.conf (or your favorite

Hi all, I am wondering if there is a way to bypass Samba's ACL checks and delegate access control completely to the underlying file system. My problem arises from the following scenario: Our file system implements ACLs that are to the best of my knowledge currently not readable by any of the existing VFS modules. When trying to access a file with an ACL going beyond the file's POSIX

Hello, I'm considering moving our windows shares (2003 domain) to a samba server, to improve performance, setup clustering and use scheduled lvm snapshots. However, I've not clarified how our current security policy would be applied on this server and like to ask you some things (sorry, I'm sure they already have been posted but there is so much on this topic to read I prefer to ask

Hello, We are running Samba 3.0.23c on Debian. Over the weekend, we updated out file server to Debian's kernel 2.6.18. We had previously never run a kernel with ACL support enabled. Since the upgrade, we are seeing very strange permission behavior. It appears to be related to POSIX ACL support in Samba. It seems that what's happening is this. We have a number of files that are

Dear All, Thank you for your help (especially Rowland Penny), I finally managed to migrate our ancient ext3 based, ISO-8859-2 encoded SaMBa 3.2.5 with locally stored UIDs and GIDs to a UTF-8 encoded ex4 based server running SaMBa 4.16.4 with RID UID/GID backend. However, after two weeks of the migration I observed something horrible: Windows Word (or MS Office in general) somehow manages to

This might be more inclusive if I said, Linux Permissions vs POSIX ACLs vs vfs_xattr. I have recently begun to discover the power and flexibility of using POSIX ACLs (by mounting my EXT3/4 filesystems with the acl option). This solved alot of security permissions issues between Samba and Linux groups of users. As I have delved into this deeper and begun using the VFS object, vfs_xattr, things

On Fri, Mar 17, 2017 at 1:54 PM, Volker Lendecke <vl at samba.org> wrote: > On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote: > > I am wondering if there is a way to bypass Samba's ACL checks and > delegate > > access control completely to the underlying file system. > > > > My problem arises from the following scenario: Our file system

thanks for suggestion, in other words you use only ACLs for users denying all for groups, unfortunately we had many group such as domain users, secretary, finance, etc belonging to users for which we need to apply at least 770 in order to gain a simplified permission management using groups the actual dirty workaround I applied was to track new files/dir by tailing with follow ( tail -f ) a

Please for give me if this gets a bit long. I am presently in the process of moving my company's file server from Windows NT 4.0 over to Linux with SAMBA and the lack of ACL support in the ext2 filesystem is making things very difficult to design. To clarify I am NOT writing about Samba's support for NT ACL's on NTFS. I am writing to possibly get some tips for getting around the lack

Then you are in violation of section 3 of the GPL as printed at http://oss.snapappliance.com/license.html Samba is licensed under the GPL, and the version in SNAP is modified. I'd like the modifications. The modifications available at oss.snapappliance.com are old. -Tom > Hi Tom, > > I am terribly sorry but this is Confidential information that cannot be > distributed outside

On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba wrote: > On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote: > > Hi, > > > > I posted a similar question in 2018 with no answers, so I'll try > > again: > > Is it possible to have shares with Windows ACLs and shares with > > POSIX > > ACLs on the same server

Hi Ralph, >> The line causing the problem with 4.5rc2 is: >> acl_xattr:ignore system acls = yes > > this change was introduced in > <https://bugzilla.samba.org/show_bug.cgi?id=12028> > > Before explaining the gory details, one question: why are you setting > this option? I am setting this option per the vfs_acl_xattr.8 man page recommendations. Using a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm looking at the source code from http://oss.snapappliance.com/3.1/Opus3.1.079.tgz which has a number of improvements to the ACL handling code in Samba. However, the patches are against Samba 3.0.0. Is anyone working on integrating them? Otherwise, I'm going to see if I can get some of the patches to apply against Samba 3.0.6. - -Tom

I am a new Samba user so forgive my ignorance. I am using Samba version 2.0.6 on HP UX 11 and I need to use the "security mask" parameter to prevent even the owner of a file from changing the read only attribute (by right clicking on the file from a Windows NT 4.0 desktop) if the file is read only (Unix permissions: 0440). This is what I have in the "smb.conf" file: [global]