Web lists-archives.com

Re: [Samba] Computer Management - Share Security - No Read Access




On Tue, 19 Feb 2019 16:13:27 -0500
Marco Shmerykowsky <marco@xxxxxxxxxxxxxxxxx> wrote:

> 
> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
> > On Tue, 19 Feb 2019 15:25:51 -0500
> 
> >> What exactly does "START AGAIN" imply? Just chmod?
> > 
> > 'ls' shows the correct ownership and Unix permissions:
> > 
> > drwxrwx---+  4 root          domain admins 4096 Feb 17 19:13
> > programs
> > 
> > But 'getfacl' show something different:
> > 
> > getfacl: Removing leading '/' from absolute path names
> > # file: server
> > # owner: root
> > # group: root
> > user::rwx
> > group::r-x
> > other::r-x
> > 
> > So what I am suggesting is that you use 'setfacl' to remove the
> > extended ACL's, it is the only thing I can see different between my
> > working system and your non-working system
> > 
> > Rowland
> 
> root@machine253:/server# setfacl -b /server/users
> 
> root@machine253:/server# chmod 0770 /server/programs
> root@machine253:/server# ls -l
> total 20
> drwxrwx--- 4 root          domain admins 4096 Feb 17 19:13 programs
> 
> 
> root@machine253:/server# getfacl /server/programs
> getfacl: Removing leading '/' from absolute path names
> # file: server/programs
> # owner: root
> # group: domain\040admins
> user::rwx
> group::rwx
> other::---
> 
> No Change

When you say 'No Change' I take it you mean that it is still not
working from Windows, because there is a change on the Unix side,
'Domain Admins' now has the required Unix permissions.

One other thing, I cannot remember asking if Apparmor or Selinux is
installed and enabled.

Rowland
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba