-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Unfortunately I don't know how to set ACLs with smbclient.
What I've got is a Windows 2000 MixedMode domain, and a windows 2000 client. I use the client to set the ACLs:
getfacl A # file: A # owner: MIXEDDOMAIN+administrator # group: MIXEDDOMAIN+Domain Users user::rwx group::--- group:MIXEDDOMAIN+A:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:MIXEDDOMAIN+A:rwx default:mask::rwx default:other::---
That works fine. (There is a directory B, similar to A above that has permissions for B). But when User A tries to open directory B, I get the error.
Note that group A has bobA as a member, group B has bobB.
Here's the smbclient output:
smbclient //localhost/testSMB -U MIXEDDOMAIN+boba Password: Domain=[MIXEDDOMAIN] OS=[Unix] Server=[Samba 3.0.8] smb: \> ls ~ . D 0 Tue Nov 16 16:17:42 2004 ~ .. D 0 Tue Nov 16 15:21:11 2004 ~ A D 0 Tue Nov 16 15:39:10 2004 ~ B D 0 Tue Nov 16 15:39:16 2004 ~ A.txt R 0 Tue Nov 16 16:17:29 2004 ~ B.txt R 0 Tue Nov 16 16:17:37 2004
~ 56180 blocks of size 2097152. 56176 blocks available smb: \> cd A smb: \A\> cd .. smb: \> cd B smb: \B\> ls NT_STATUS_OBJECT_PATH_NOT_FOUND listing \B\\*
~ 56180 blocks of size 2097152. 56176 blocks available smb: \B\>
I'm trying it again with direct users in the ACLs instead of groups.
- -Tom
Jeremy Allison wrote: | On Tue, Nov 16, 2004 at 04:07:15PM -0800, Tom Dickson wrote: | |>-----BEGIN PGP SIGNED MESSAGE----- |>Hash: SHA1 |> |>We had 3.0.2a which worked fine. If you tried to open a file that the |>ACLs wouldn't let you, you'd get access denied. We had follow |>symlinks=no in smb.conf |> |>Now with 3.0.8, and no other changes, we get a message about "The file |>has moved or otherwise gone away," instead of access denied. |> |>And we get this in the log file: |> |>[2004/11/16 15:57:25, 1] smbd/vfs.c:reduce_name(896) |>~ reduce_name: couldn't get realpath for B/* |> |>Changing follow symlinks=yes fixed it. Is this a bug? I'd like to use |>ACLs and follow symlinks=no. | | | What client are you using to open the file ? I'll check this for | 3.0.10 as I'm currently working in this area. It'd be easiest if | you could reproduce using smbclient - can you give me an exact | method to reproduce (paths you're using, acls you have set etc). | | Jeremy. | | . | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBmpqu2dxAfYNwANIRAhkEAKCWHST/SfgjbW23ynaGnttpgrteEACdEMes ueN1avkM2RABQGuucvYpIpc= =7Ccl -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba