Tom Dickson wrote on Tuesday, 15 July 2003 9:40 a.m.: > Hello all, > > I want to make a Samba server act as much like an 2000 machine as > possible. I've successfully got winbindd running, and also have > compiled ACLs into the kernel and the XFS filesystem.
Before you get too involved, it's worth knowing that Samba cannot fully duplicate Windows file permissions - it only exposes the functionality given by POSIX ACLs. That is, you can have multiple users/groups on a file, but each entry (ACE) only has read, write or execute as per Unix standards, and some special groups (eg. "Authenticated Users") will not work. > Currently I have issues with default permissions (removing Everyone > group, etc) (I have 2.2.5 right now). I think I'm going to have to > tune the set directory mode/mask parameters, and I'm wondering if > anyone has this working. I think 3.0 works a little better in this regard, however it seems that you can never actually remove the Everyone group - you can only take away all of its permissions. > Also, what is the status on this > http://lists.samba.org/pipermail/samba-technical/2003-June/045448.html > issue? Haven't seen this one myself. > Also, is it possible to give REAL full control to someone who is not > the owner, or do I have to use the Windows chown program written by > samba team first? Only if they act as root on the Unix machine (use the "admin users" parameter in smb.conf). You can give read, write and execute access to a file to anyone, but only root can change ownership of a file (this is a Unix-imposed condition). You can specify @groupname (eg. "@DOMAIN\Domain Admins") to give a whole group admin access. > In other words, tell me everything you know about ACLs! :) Actually, > if I get enough information I can help update the Samba HOWTO for > this purpose. I would recommend (if you haven't already) that you read the relevant parts of the latest HOWTO collection document at: http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf There is also an unofficial Samba+ACL HOWTO (written by me): http://www.bluelightning.org/linux/samba_acl_howto I will be uploading an updated version when I get home this evening (in about 8 hours). Corrections welcome. Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
