Re: [Samba] Adding Share Windows ACL




Hello,

I also fired up a new VM :) and configured the "rid" backend. I followed all steps in https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs.

Set the attributes in smb.conf:

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

Granting the SeDiskOperatorPrivilege:

# net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege -U (successful after troubleshooting)

Adding the share (I just copied and pasted the example):

# mkdir -p /srv/samba/Demo/
# chown root:"Domain Admins" /srv/samba/Demo/ --> NOW WORKING BECAUSE I SET UP RID BACKEND
# chmod 0770 /srv/samba/Demo/

smb.conf

[Demo]
       path = /srv/samba/Demo/
       read only = no

-> Log in to Windows with administrator and connect to FILESERVER via "Computer Management" -> Choosing Demo Share and going to Security tab ->

Regards

Micha


On 26.01.2018 at 16:31, Rowland Penny via samba wrote:
On Fri, 26 Jan 2018 14:18:53 +0000
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:

On Fri, 26 Jan 2018 14:10:40 +0100
Micha Ballmann <ballmann@xxxxxxxxxxxxx> wrote:

To set share Windows permissions and Windows ACLs I log in on a
Windows 7 computer with the administrator user. Open Computer
Management and connect to the fileserver. When I'm trying now to set
ACLs I've no permissions.

Well, I couldn't understand why it wasn't working, so I fired up a VM
running win7 and guess what, it doesn't work for me either, it did,
but it doesn't now :-(

I will get back to you.

Rowland

OK, I found out why it wasn't working, I was connecting to a share that
belonged to 'root:root' with 'drwxr-xr-x' permissions.

I created a new share:

[data]
      path = /home/testdata
      read only = no

mkdir /home/testdata

getfacl /home/testdata shows this:

getfacl: Removing leading '/' from absolute path names
# file: home/testdata
# owner: rowland
# group: domain\040users
user::rwx
user:root:rwx
group::---
group:root:---
group:2004:r-x
group:2005:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:2004:r-x
default:group:2005:rwx
default:mask::rwx
default:other::---

Change the ownership:

chown root:Unix\ Admins /home/testdata

Now go to the Win7 VM and add 'rowland' back as a user with 'Read &
execute, List folder contents and Read' permissions. This worked
without error and getfacl now shows:

getfacl: Removing leading '/' from absolute path names
# file: home/testdata
# owner: root
# group: unix\040admins
user::rwx
user:root:rwx
user:rowland:r-x
group::---
group:root:---
group:2004:r-x
group:2005:rwx
group:unix\040admins:---
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:rowland:r-x
default:group::---
default:group:root:---
default:group:2004:r-x
default:group:2005:rwx
default:group:unix\040admins:---
default:mask::rwx
default:other::---

Do you have these lines in smb.conf:

     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes

Are the 'acl' and 'attr' packages installed?

Rowland
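
Added example, not part of the original thread: a Python helper that compares two getfacl listings like the ones in the quoted message and reports what a change made from the Windows Security tab turned into on the POSIX side. The two sample listings are abridged from the post; the function names are illustrative.

```python
import re

BEFORE = r"""# file: home/testdata
# owner: rowland
# group: domain\040users
user::rwx
group::---
group:2005:rwx
default:group:2005:rwx
"""
AFTER = r"""getfacl: Removing leading '/' from absolute path names
# file: home/testdata
# owner: root
# group: unix\040admins
user::rwx
user:rowland:r-x
group::---
group:2005:rwx
group:unix\040admins:---
default:group:2005:rwx
default:user:rowland:r-x
default:group:unix\040admins:---
"""

def unescape(name):
    # getfacl prints a space in a name as the octal escape \040
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Return ({'owner': ..., 'group': ...}, {(scope, tag, name, perms), ...})."""
    meta, entries = {}, set()
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = unescape(value.strip())
        elif line and not line.startswith("getfacl:"):
            scope, rest = ("default", line[8:]) if line.startswith("default:") else ("access", line)
            # drop a trailing "#effective:..." comment if getfacl printed one
            tag, name, perms = rest.split("#")[0].strip().split(":")
            entries.add((scope, tag, unescape(name), perms))
    return meta, entries

def diff_acl(before, after):
    (m0, e0), (m1, e1) = parse_getfacl(before), parse_getfacl(after)
    changed = {k: (m0.get(k), m1.get(k)) for k in ("owner", "group") if m0.get(k) != m1.get(k)}
    return {"changed": changed, "added": sorted(e1 - e0), "removed": sorted(e0 - e1)}

if __name__ == "__main__":
    print(diff_acl(BEFORE, AFTER))
```

Run against real output by saving getfacl listings taken before and after the change and passing their contents to diff_acl().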

