Re: [Samba] Different permissions displayed in security tab and advanced tab

Dale Schroeder wrote:
On 06/24/2011 12:11 AM, Linda W wrote:

David was trying to view and change permissions on a user that was already listed on the security tab; he was not adding a user or group.

I did this just now, changed it to full control for the one listed user and group and 'Everyone'... I then told it to propagate; it did, but visiting a sub folder doesn't have the 'propagated from parent' message. But the perms got changed with the exception of trying to delete 'Creator_owner' and 'creator_group'...they seem to not be deletable. I haven't tested the full extent of changing 'creator-owner/group', but the user and group that are listed as the creator owner/group is changeable.

If yours looks like mine, the permissions of the user and group defined as the posix owner and group are blanked out, and if you try to mark anything there, it will fail.

--- They are not blanked out -- they say 'special' because they only apply to the current folder (and are not propagated). Otherwise they say 'Full control' which is what the user has, but the user's perms can be set to 'full control' on the security and permissions page because you can set the user and group id's to have Full control that is inheritable on the subdirs and file. But right now, unix doesn't support having the 'inherited from' information set (because the acls are set on each item, whereas on NT many files can share 1 access list). Much like on linux, already, multiple names can point to the same inode.

Sometimes, there will be an error window popup; other times, the checked

Like you, I have the drive mounted with user_xattr and acl.

--- My mount options include no user_xattr or acl options (they aren't 'options' in xfs but 'features', like unix permission bits - they don't have to be specified to be turned on).

This is a long standing difference between Samba and native MS, more of an annoyance than a problem. I have read that Samba is working on full acl compatibility with MS, I think in 3.6. We'll have to wait and see if this corrects the differences.

I'm currently running 3.6, so maybe that explains some of the differences we are seeing...

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Different permissions displayed in security tab and advanced tab

Ok, thanks for your replies, frankly I still don't understand why Samba behaves like this, sounds like an inherent issue, then I can live with that.

2011/6/25 Linda Walsh sa...@tlinx.org

> Dale Schroeder wrote:
> On 06/24/2011 12:11 AM, Linda W wrote:
>
> David was trying to view and change permissions on a user that was already listed on the security tab; he was not adding a user or group.
>
> I did this just now, changed it to full control for the one listed user and group and 'Everyone'... I then told it to propagate; it did, but visiting a sub folder doesn't have the 'propagated from parent' message. But the perms got changed with the exception of trying to delete 'Creator_owner' and 'creator_group'...they seem to not be deletable. I haven't tested the full extent of changing 'creator-owner/group', but the user and group that are listed as the creator owner/group is changeable.
>
> If yours looks like mine, the permissions of the user and group defined as the posix owner and group are blanked out, and if you try to mark anything there, it will fail.
>
> --- They are not blanked out -- they say 'special' because they only apply to the current folder (and are not propagated). Otherwise they say 'Full control' which is what the user has, but the user's perms can be set to 'full control' on the security and permissions page because you can set the user and group id's to have Full control that is inheritable on the subdirs and file. But right now, unix doesn't support having the 'inherited from' information set (because the acls are set on each item, whereas on NT many files can share 1 access list). Much like on linux, already, multiple names can point to the same inode.
>
> Sometimes, there will be an error window popup; other times, the checked
>
> Like you, I have the drive mounted with user_xattr and acl.
>
> --- My mount options include no user_xattr or acl options (they aren't 'options' in xfs but 'features', like unix permission bits - they don't have to be specified to be turned on).
>
> This is a long standing difference between Samba and native MS, more of an annoyance than a problem. I have read that Samba is working on full acl compatibility with MS, I think in 3.6. We'll have to wait and see if this corrects the differences.
>
> I'm currently running 3.6, so maybe that explains some of the differences we are seeing...
Re: [Samba] Different permissions displayed in security tab and advanced tab

> As for diffs on Security and Advanced tab -- see MS. (It's a feature...they don't show the exact same info...but close)...

Yes. They are often referred to as molecular and atomic permissions.
Re: [Samba] Different permissions displayed in security tab and advanced tab

> As for diffs on Security and Advanced tab -- see MS. (It's a feature...they don't show the exact same info...but close)...

Atomic vs Molecular permissions

Quoting from http://blog.emagined.com/2009/12/08/windows-security-part-7/

« (...) Although the exact permissions available depend on the particular version of Windows, these systems have two types of permissions, Molecular and Atomic. Molecular permissions, which are more high-level in nature, generally include ones such as the following:

- Full Control
- Modify
- Read-Execute
- Read
- Write
- Special Permissions (e.g., Take Ownership)

In contrast, Atomic (or Advanced) permissions are very granular in nature. They generally include the following types of access rights:

- Full Control
- Traverse Folder / Execute File
- List Folder / Read Data
- Read Attributes
- Read Extended Attributes
- Create Files / Write Data
- Create Folders / Append Data
- Write Attributes
- Delete
- Read Permissions
- Change Permissions
- Take Ownership

(...) »
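How the two lists quoted above relate, as an added example that is not part of the original thread: it decodes a Windows access mask into its atomic rights and reports which molecular level, if any, the basic view can summarise it as. The mask values are the standard Windows constants for four of the molecular levels; the sample ACEs are constructed, and the rule that a "this folder only" ACE is shown as Special is an assumption taken from the explanation given elsewhere in this thread.

```python
# Added example. Standard Windows file/directory access-mask bits ("atomic" rights).
ATOMIC = [
    (0x000001, "List Folder / Read Data"),
    (0x000002, "Create Files / Write Data"),
    (0x000004, "Create Folders / Append Data"),
    (0x000008, "Read Extended Attributes"),
    (0x000010, "Write Extended Attributes"),
    (0x000020, "Traverse Folder / Execute File"),
    (0x000040, "Delete Subfolders and Files"),
    (0x000080, "Read Attributes"),
    (0x000100, "Write Attributes"),
    (0x010000, "Delete"),
    (0x020000, "Read Permissions"),
    (0x040000, "Change Permissions"),
    (0x080000, "Take Ownership"),
    (0x100000, "Synchronize"),
]
# "Molecular" levels as fixed combinations of atomic bits (icacls F, M, RX, R).
MOLECULAR = {0x1F01FF: "Full Control", 0x1301BF: "Modify",
             0x1200A9: "Read & Execute", 0x120089: "Read"}
OI, CI = 0x1, 0x2  # OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE


def atomic_rights(mask):
    """Names of the individual rights set in an access mask."""
    return [name for bit, name in ATOMIC if mask & bit]


def describe_ace(mask, flags, is_dir=True):
    """Return (basic-view label, highest contained level, leftover atomic rights)."""
    contained = [m for m in MOLECULAR if mask & m == m]
    base = max(contained, default=0)  # levels are nested, so the largest mask wins
    extra = atomic_rights(mask & ~base)
    # Assumption taken from the thread: an ACE that applies to "this folder
    # only" (no OI|CI on a directory) is summarised as Special.
    propagates = not is_dir or flags & (OI | CI) == (OI | CI)
    exact = base != 0 and not extra
    label = MOLECULAR[base] if exact and propagates else "Special"
    return label, MOLECULAR.get(base), extra


# Constructed sample ACEs for one directory: (trustee, mask, inheritance flags).
SAMPLE = [("Administrator", 0x1F01FF, 0),
          ("Domain Users", 0x1200A9, OI | CI),
          ("staff", 0x1201BF, OI | CI)]

if __name__ == "__main__":
    for who, mask, flags in SAMPLE:
        print(who, hex(mask), describe_ace(mask, flags))
```

The first sample ACE carries every atomic right yet is labelled Special because it does not propagate; the third is Modify without Delete, which no single molecular level describes.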
Re: [Samba] Different permissions displayed in security tab and advanced tab

Dale Schroeder wrote:

> David, Samba does not have the ability to change the permissions of directories on the security tab, and many times they will not be displayed either. As you have already discovered, permissions on directories are changed in Advanced. The permissions of files can be manipulated on the security tab.

I just tried this -- I was able to add a Domain group, and give it 'full permissions' on the ACL and save it.

'RIGHTS' / privileges work as well...(just tried it) my user has the 'SETakeOwnershipPrivilege' in the Domain. Among other things, this allowed me to change a directory that was owned by root w/permis = rwxr-xr-x, to being owned by me.

As for diffs on Security and Advanced tab -- see MS. (It's a feature...they don't show the exact same info...but close)...
Re: [Samba] Different permissions displayed in security tab and advanced tab

Linda W wrote:

> I just tried this -- I was able to add a Domain group, and give it 'full permissions' on the ACL and save it. 'RIGHTS' / privileges work as well...(just tried it)

FWIW, I use the 'xfs' file system. It requires no special options to enable acl or ea support on mounting.

In my (G) section, I have:

    ea support = yes

Then on each Share (they are share level params) that I want full Win compatibility, I use:

    map acl inherit = yes
    acl group control = yes
Re: [Samba] Different permissions displayed in security tab and advanced tab

David,

Samba does not have the ability to change the permissions of directories on the security tab, and many times they will not be displayed either. As you have already discovered, permissions on directories are changed in Advanced. The permissions of files can be manipulated on the security tab.

Dale

On 06/22/2011 4:28 AM, David Roid wrote:

> Hello everyone,
>
> Got a weird ACL issue:
>
> First of all, my Linux host is fully ACL enabled (kernel support, file system support, mount with xattr, library support, samba compilation support, all set). Then a share is created with vfs acl_xattr and ea support on, got mounted on a Windows client as administrator, and a directory created right under the drive.
>
> The issue is when I was checking out the security tab, as can be seen from attached screenshot, the administrator is displayed with no permission at all (nothing ticked) in the basic security tab, whereas the advanced tab shows the administrator with full control, which is self-contradictory and confusing. I then try to grant some permission to administrator by ticking and clicking apply, failed with the error can't save the changes... the parameter is invalid.
>
> I do suppose full control is correct because I can read, write and everything under the directory, plus getfacl from Linux side demonstrated that administrator is actually with rwx on the newly created directory.
>
> Any idea why is this? Thanks in advance.
>
> p.s. I have no problem adding/granting additional ACLs for users other than administrator.
>
> Regards
> -David