Web lists-archives.com

Re: [Samba] Computer Management - Share Security - No Read Access






---
Marco J. Shmerykowsky, P.E.
marco@xxxxxxxxxxxxxxxxx

--------------------------------------------
    Shmerykowsky Consulting Engineers
       Structural Analysis & Design
     102 West 38th Street, 2nd Floor
        New York, New York 10018
  Tel. (212)719-9700 Fax. (212)719-4822
       http://www.sce-engineers.com
--------------------------------------------

On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
On Tue, 19 Feb 2019 16:13:27 -0500
Marco Shmerykowsky <marco@xxxxxxxxxxxxxxxxx> wrote:


On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
> On Tue, 19 Feb 2019 15:25:51 -0500

>> What exactly does "START AGAIN" imply? Just chmod?
>
> 'ls' shows the correct ownership and Unix permissions:
>
> drwxrwx---+  4 root          domain admins 4096 Feb 17 19:13
> programs
>
> But 'getfacl' show something different:
>
> getfacl: Removing leading '/' from absolute path names
> # file: server
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> So what I am suggesting is that you use 'setfacl' to remove the
> extended ACL's, it is the only thing I can see different between my
> working system and your non-working system
>
> Rowland

root@machine253:/server# setfacl -b /server/users

root@machine253:/server# chmod 0770 /server/programs
root@machine253:/server# ls -l
total 20
drwxrwx--- 4 root          domain admins 4096 Feb 17 19:13 programs


root@machine253:/server# getfacl /server/programs
getfacl: Removing leading '/' from absolute path names
# file: server/programs
# owner: root
# group: domain\040admins
user::rwx
group::rwx
other::---

No Change

When you say 'No Change' I take it you mean that it is still not
working from Windows, because there is a change on the Unix side,
'Domain Admins' now has the required Unix permissions.

Correct.  In Computer Manager I can not access anything on the
share except for the share permissions.

I've also been trying to create "user directory" using %LogonUser%
via a group profile.  That deosn't seem to be working, but I don't
know if it's related.

One other thing, I cannot remember asking if Apparmor or Selinux is
installed and enabled.

Rowland

I tried sestatus and apparmor_status and bith returned 'command not found'
so I assume they're not running.  I installed Debian 9 from the LiveCD
with the cinnamon desktop.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba