Web lists-archives.com

Re: [Samba] Computer Management - Share Security - No Read Access




On Tue, 19 Feb 2019 16:42:44 -0500
Marco Shmerykowsky <marco@xxxxxxxxxxxxxxxxx> wrote:

> 
> 
> ---
> Marco J. Shmerykowsky, P.E.
> marco@xxxxxxxxxxxxxxxxx
> 
> --------------------------------------------
>      Shmerykowsky Consulting Engineers
>         Structural Analysis & Design
>       102 West 38th Street, 2nd Floor
>          New York, New York 10018
>    Tel. (212)719-9700 Fax. (212)719-4822
>         http://www.sce-engineers.com
> --------------------------------------------
> 
> On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
> > On Tue, 19 Feb 2019 16:13:27 -0500
> > Marco Shmerykowsky <marco@xxxxxxxxxxxxxxxxx> wrote:
> > 
> >> 
> >> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
> >> > On Tue, 19 Feb 2019 15:25:51 -0500
> >> 
> >> >> What exactly does "START AGAIN" imply? Just chmod?
> >> >
> >> > 'ls' shows the correct ownership and Unix permissions:
> >> >
> >> > drwxrwx---+  4 root          domain admins 4096 Feb 17 19:13
> >> > programs
> >> >
> >> > But 'getfacl' show something different:
> >> >
> >> > getfacl: Removing leading '/' from absolute path names
> >> > # file: server
> >> > # owner: root
> >> > # group: root
> >> > user::rwx
> >> > group::r-x
> >> > other::r-x
> >> >
> >> > So what I am suggesting is that you use 'setfacl' to remove the
> >> > extended ACL's, it is the only thing I can see different between
> >> > my working system and your non-working system
> >> >
> >> > Rowland
> >> 
> >> root@machine253:/server# setfacl -b /server/users
> >> 
> >> root@machine253:/server# chmod 0770 /server/programs
> >> root@machine253:/server# ls -l
> >> total 20
> >> drwxrwx--- 4 root          domain admins 4096 Feb 17 19:13 programs
> >> 
> >> 
> >> root@machine253:/server# getfacl /server/programs
> >> getfacl: Removing leading '/' from absolute path names
> >> # file: server/programs
> >> # owner: root
> >> # group: domain\040admins
> >> user::rwx
> >> group::rwx
> >> other::---
> >> 
> >> No Change
> > 
> > When you say 'No Change' I take it you mean that it is still not
> > working from Windows, because there is a change on the Unix side,
> > 'Domain Admins' now has the required Unix permissions.
> 
> Correct.  In Computer Manager I can not access anything on the
> share except for the share permissions.
> 
> I've also been trying to create "user directory" using %LogonUser%
> via a group profile.  That deosn't seem to be working, but I don't
> know if it's related.
> > 
> > One other thing, I cannot remember asking if Apparmor or Selinux is
> > installed and enabled.
> > 
> > Rowland
> 
> I tried sestatus and apparmor_status and bith returned 'command not 
> found'
> so I assume they're not running.  I installed Debian 9 from the LiveCD
> with the cinnamon desktop.

OK, it is late here, but just in case something has changed, I will set
up a new Debian 9 VM tommorrow, install the distro Samba Packages and
follow the Samba wiki page.

Can you confirm that you are using Samba from Debian 9.
You seem to be using '/server' as the shared directory, is this
correct ?
What Windows version are you using ? (I know you may have already said,
but it saves me looking it up)

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba