Web lists-archives.com

Re: [Samba] Problem with rights in samba 4.9.0




Hi Rowland, 



Follow the tutorial and re-create all the rights in the folder. 


Now the problem is this: 


When one of the users creates a folder the rights are duplicated. 


Rights in root folder: 


Allow | grp-laboratory | Full Control | None | this folder, subfolders and files 
Allow | CREATE OWNER | Full control | None | Subfolders and files only 
Allow | CREATE GROUP | None | None | Subfolders and files only 
Allow | Administrator | Full control | None | This folder, subfolders and files 


Rights when a user creates a folder within the root share: 


Allow | iris.oliveira (iri ..) | Full control | None | This folder, subfolders and files 
Allow | grp-laboratory | Read & execute | None | this folder only 
Allow | Administrator | Read & execute | None | This folder only 
Allow | CREATE OWNER | Full control | None | Subfolders and files only 
Allow | grp-laboratory | Full Control | None | subfolders and files only 
Allow | Administrator | Full control | None | This folder, subfolders and files 
Allow | CREATE GROUP | None | None | Subfolders and files only 
Allow | Administrator | Full control | None | This folder, subfolders and files 
Allow | Domain Uses | None | None | This folder, subfolders and files 
Allow | Everyone | None | None | This folder, subfolders and files 


net rpc rights list privileges SeDiskOperatorPrivilege -U "GENESIS \ administrator" 
Enter GENESIS \ administrator's password: 
SeDiskOperatorPrivilege: 
BUILTIN \ Administrators 
GENESIS \ Domain Admins 


Is there any command to clear all the rights and force it to catch the new ones? 


I did everything that the tutorial asks and I still have problems, can you help me with this? 


Regards, 


Gabriel Franca 
----- Mensagem original -----

De: "Rowland Penny via samba" <samba@xxxxxxxxxxxxxxx> 
Para: samba@xxxxxxxxxxxxxxx 
Enviadas: Terça-feira, 30 de Outubro de 2018 15:21:37 
Assunto: Re: [Samba] Problem with rights in samba 4.9.0 

On Tue, 30 Oct 2018 14:51:32 -0300 (BRT) 
"Gabriel O. Franca via samba" <samba@xxxxxxxxxxxxxxx> wrote: 

> 
> 
> good afternoon everyone, 
> 
> 
> I have a problem that I can not solve I have installed a samba 4.9.0 
> in centos 7.5 using XFS. 
> 
> 
> In the DPTO share I have the departmental folders, which I gave the 
> rights to the groups. 
> 
> 
> The problem: 
> 
> 
> when a user creates a file within some sub-folders the group's rights 
> do not arrive in the file is read-only. 
> 
> 
> When the user accesses a website and downloads the file directly to 
> the share, nobody in the group can access that file and when I go 
> through windows and right click and access the security tab it 
> closes. 
> 
> 
> I need some help to understand how to use acl and give rights 
> correctly. 
> 
> 
> follows smb.conf 
> 
> 
> # Global parameters 
> [global] 
> netbios name = SAMBA 
> realm = NOIR.CORP 
> server role = active directory domain controller 
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
> winbindd, ntp_signd, kcc, dnsupdate workgroup = NOIR 
> ldap server require strong auth = no 
> idmap_ldb:use rfc2307 = yes 
> vfs objects = recycle acl_xattr 

Remove 'acl_xattr' it is builtin on a DC 

> map acl inherit = Yes 
> store dos attributes = Yes 

Same goes for the above two lines. 

> recycle:keeptree = yes 
> recycle:versions = yes 
> recycle:repository = /dados/trash/%U 
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso 
> recycle:exclude_dir = tmp, cache 
> 
> [dpto] 
> path = /dados/dpto 
> read only = No 
> hide unreadable = yes 
> hide unwriteable files = yes 
> #Bloqueio de extensoes de midia no samba 
> # veto files 
> = /*.mp3/*.nws/*.{*}/*.avi/*.mpeg/*.mpg/*.wma/*.wmv/*.exe #nao tentar 
> fazer um lock nesses arquivos veto oplock files 
> = /*.doc/*.xls/*.mdb/*.docx/*.DOC/*.DOCX/*.XLSX/*.xlsx/*.rtf/*.RTF/ 

Your main problem is that you are using a DC as a fileserver and are 
trying to set up as if it is a fileserver, this doesn't work. 
You need to use Windows ACL's, for more info, see here: 

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs 

Rowland 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba