Re: [Samba] File share permissions act different on member server than on DC
On Sun, 2013-10-13 at 22:31 +0200, Marc Muehlfeld wrote: Hello, a while ago I wrote the http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. When I wrote the HowTo, I setup and configured the share on a DC - what still works like described. Today I tried the first time to do exactly the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. The share in smb.conf: [demo] path = /srv/samba/Demo read only = no The folder in the filesystem (XFS): drwxr-xr-x 2 root root6 13. Okt 22:16 /srv/samba/Demo I connect to the share as Domain Admin, right-click to it and go to the security tab. Here I see now everyone and two root entries. - I click the edit button and remove the two root entries. When I click apply, everything is reset (the two entries went back. - If i grant modify to everyone - where all allow entries are empty per default and click apply, then all boxes are checked automatically (full access) and CREATOR OWNER and CREATOR GROUP appear. And this two can't be removed as well any more. If I do exactly the same on a DC, then already the security tab shows on the first time I open it very different settings. The wiki screenshot shows them: http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But the folder on Linux side is also just 755 (and without any extended ACLs when I begin). Also whatever I change (like remove root from the ACLs) everything is done like expected and saved. The member server is also self compiled. I installed all packages on my RHEL6 that I have installed on the DC too. Any idea what could be different on a 4.x member than on a DC? Or did I find a bug? Regards Marc Hi It looks like that on the DC, Administrator already has admin permissions on the share (like root in Linux) but on a file server he doesn't. You have to specify Administrator as an admin user or give him full posix rights on the share using setfacl. Summary.mAdministrator behaves as: DC: like root on a Linux box File server: a normal unprivileged domain user I think the file server is correct. Windows doesn't have a user like root. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File share permissions act different on member server than on DC
Hi, To enable my member server's ACLs to work just like the DC, as far as Windows is concerned, I needed to add the following parameters to the global section of smb.conf file on the member server: vfs objects = acl_xattr map acl inherit = yes store dos attributes = Yes These parameters are apparently added in the background by default for the smbd processes that are spawned by samba. Until I added those items, just like you I could never get the ACLs to stick and work correctly. Many of them were incorrectly labeled, also, even though the number was correct and the same as on the DC. Something to note: I believe the vfs object parameter does require that xattrs work on the file system that you use. Cheers, KeithM On Sun, 2013-10-13 at 22:31 +0200, Marc Muehlfeld wrote: Hello, a while ago I wrote the http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. When I wrote the HowTo, I setup and configured the share on a DC - what still works like described. Today I tried the first time to do exactly the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. The share in smb.conf: [demo] path = /srv/samba/Demo read only = no The folder in the filesystem (XFS): drwxr-xr-x 2 root root6 13. Okt 22:16 /srv/samba/Demo I connect to the share as Domain Admin, right-click to it and go to the security tab. Here I see now everyone and two root entries. - I click the edit button and remove the two root entries. When I click apply, everything is reset (the two entries went back. - If i grant modify to everyone - where all allow entries are empty per default and click apply, then all boxes are checked automatically (full access) and CREATOR OWNER and CREATOR GROUP appear. And this two can't be removed as well any more. If I do exactly the same on a DC, then already the security tab shows on the first time I open it very different settings. The wiki screenshot shows them: http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But the folder on Linux side is also just 755 (and without any extended ACLs when I begin). Also whatever I change (like remove root from the ACLs) everything is done like expected and saved. The member server is also self compiled. I installed all packages on my RHEL6 that I have installed on the DC too. Any idea what could be different on a 4.x member than on a DC? Or did I find a bug? Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File share permissions act different on member server than on DC
Hello, a while ago I wrote the http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. When I wrote the HowTo, I setup and configured the share on a DC - what still works like described. Today I tried the first time to do exactly the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. The share in smb.conf: [demo] path = /srv/samba/Demo read only = no The folder in the filesystem (XFS): drwxr-xr-x 2 root root6 13. Okt 22:16 /srv/samba/Demo I connect to the share as Domain Admin, right-click to it and go to the security tab. Here I see now everyone and two root entries. - I click the edit button and remove the two root entries. When I click apply, everything is reset (the two entries went back. - If i grant modify to everyone - where all allow entries are empty per default and click apply, then all boxes are checked automatically (full access) and CREATOR OWNER and CREATOR GROUP appear. And this two can't be removed as well any more. If I do exactly the same on a DC, then already the security tab shows on the first time I open it very different settings. The wiki screenshot shows them: http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But the folder on Linux side is also just 755 (and without any extended ACLs when I begin). Also whatever I change (like remove root from the ACLs) everything is done like expected and saved. The member server is also self compiled. I installed all packages on my RHEL6 that I have installed on the DC too. Any idea what could be different on a 4.x member than on a DC? Or did I find a bug? Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
