Web lists-archives.com

Re: [Samba] Standalone with Windows ACL




On Wed, 04 Oct 2017 22:08:29 +0000
Tercio Gaudencio Filho via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I'm configuring a standalone server(server role = standalone server)
> using POSIX ACLs to manage permissions on server.
> 
> I need to manage permissions(At least basic ones, like read, write)
> from Windows GUI.

Ah, so you don't want to use POSIX ACLs, you want to use Windows ACLs

> 
> Is that possible using standalone?

Yes

> 
> 
> When I try setting permissions on Windows I got this on the log:
> 
> [2017/10/04 19:07:08.437837,  2]
> ../source3/smbd/posix_acls.c:3006(set_canon_ace_list)
>   set_canon_ace_list: sys_acl_set_file type file failed for file
> AD225.TXT (Operation not permitted).
> 
> I issued grant on server(tercio is my username):
> 
> net rpc rights grant "tercio" SeDiskOperatorPrivilege -U "root"
> 
> My conf:
> 
> # Global parameters
> [global]
> workgroup = SER-CAPITAL
> log file = /var/log/samba/log.%m
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> usershare path =
> map to guest = Bad User
> obey pam restrictions = Yes
> server role = standalone server
> dns proxy = No
> idmap config * : backend = tdb
> 
> [MyShare]
> path = /srv/samba/MyShare
> read only = No

You don't say what OS you are using, but on debian, you need to install
the acl & attr packages.

You need to be using a filesystem that understands ACLs, such as ext4

You also need to add these lines to smb.conf:

security = user
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

There is also a Samba wiki page about this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba