[Samba] acl's, Samba4 and rw shares

 
steve
PostPosted: Thu Feb 16, 2012 12:10 pm    Post subject: [Samba] acl's, Samba4 and rw shares
Archived from groups: linux>samba

Hi
I'm trying to make a share called dropbox rw for members of a group.

/usr/local/samba/etc/smb.conf
[global]
server role = domain controller
workgroup = CACTUS
realm = hh3.site
netbios name = HH3
passdb backend = samba4
template shell = /bin/bash
[netlogon]
path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[home]
path = /home/CACTUS/%USERNAME%
read only = No
[profiles]
path = /home/CACTUS/profiles%USERNAME%
read only = No
[dropbox]
path = /home/dropbox
read only = No

I have

mkdir -m 0770 /home/dropbox
chown steve:debusers /home/dropbox
chmod g+s /home/dropbox/
setfacl -Rm g:debusers:rw,d:g:debusers:rw /home/dropbox/

getfacl /home/dropbox/
getfacl: Removing leading '/' from absolute path names
# file: home/dropbox/
# owner: steve
# group: debusers
# flags: -s-
user::rwx
group::rwx
group:debusers:rw-
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:debusers:rw-
default:mask::rwx
default:other::---

If I create a file in the share using touch (or right click on the share > new in explorer), no problem:

steve2@hh3:~$ touch /home/dropbox/hola
steve2@hh3:~$ ls -l /home/dropbox/hola
-rw-rw----+ 1 steve2 debusers 0 2012-02-16 12:11 /home/dropbox/hola

But, if I create the file in my home folder (or the mapped home folder
drive on Windows) and then copy or drag it to the share, I don't get
group rw:
steve2@hh3:~$ touch hola2
steve2@hh3:~$ cp hola2 /home/dropbox/
steve2@hh3:~$ ls -la /home/dropbox/hola2
-rw-r-----+ 1 steve2 debusers 0 2012-02-16 12:12 /home/dropbox/hola2

None of the smb.conf force group nor acl commands are recognised. I
could cron the setfacl as a workaround or get the users to chmod it to
660 but, well. . .

1. Is it possible to copy a file to a folder and have it inherit the
parent folder permissions?
2. How do you chmod 660 on windows?

Thanks,
Steve






--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
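
Why hola and hola2 in the post above end up with different group bits, as an added example (not part of the original post): when the parent directory has a default ACL, Linux ignores the umask and gives the new file the default ACL with its owner, mask and other entries ANDed with the mode passed to the create call. touch asks for 0666; cp asks for the source file's mode, assumed here to be 0640 or 0644 because the post does not show it. Function names are illustrative.

```python
# Model of POSIX ACL inheritance on file creation (see acl(5)).
# Input: the default: entries of the getfacl output quoted in the post.
DEFAULT_ACL_TEXT = """\
default:user::rwx
default:group::rwx
default:group:debusers:rw-
default:mask::rwx
default:other::---
"""


def bits(perm):
    """'rw-' -> 6"""
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")


def perm(b):
    """6 -> 'rw-'"""
    return "".join(c if b & v else "-" for c, v in zip("rwx", (4, 2, 1)))


def parse_default_acl(text):
    """Return {(tag, qualifier): permission bits} for the default: entries."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("default:"):
            continue
        tag, qualifier, p = line[len("default:"):].split(":")
        acl[(tag, qualifier)] = bits(p)
    return acl


def inherit(default_acl, create_mode):
    """Access ACL of a new file created with create_mode under default_acl."""
    acl = dict(default_acl)
    acl[("user", "")] &= (create_mode >> 6) & 7
    # The group bits of the mode restrict the mask entry when one exists,
    # otherwise the owning-group entry.
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[group_class] &= (create_mode >> 3) & 7
    acl[("other", "")] &= create_mode & 7
    return acl


def ls_mode(acl):
    """The nine permission characters ls -l shows; the group slot is the mask."""
    group_class = acl.get(("mask", ""), acl[("group", "")])
    return perm(acl[("user", "")]) + perm(group_class) + perm(acl[("other", "")])


def effective(acl, tag, qualifier=""):
    """Rights an entry really grants: named users and all groups are capped by the mask."""
    b = acl[(tag, qualifier)]
    masked = tag == "group" or (tag == "user" and qualifier != "")
    if masked and ("mask", "") in acl:
        b &= acl[("mask", "")]
    return perm(b)


if __name__ == "__main__":
    default_acl = parse_default_acl(DEFAULT_ACL_TEXT)
    cases = [
        ("touch /home/dropbox/hola", 0o666),
        ("cp hola2 (source 0640, assumed)", 0o640),
        ("cp hola2 (source 0644, assumed)", 0o644),
    ]
    for label, mode in cases:
        acl = inherit(default_acl, mode)
        print(f"{label:34} ls: {ls_mode(acl)}+  "
              f"group:debusers effective: {effective(acl, 'group', 'debusers')}")
```

The group:debusers:rw- entry is still present on the copied file; it is the inherited mask of r-- that reduces it to read-only.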
Aaron E.
PostPosted: Thu Feb 16, 2012 4:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares

The permissions are slightly different for s4, as in you will be setting
most of the folder permissions at the windows level. You'll need to make
sure that user_xattr and acl is enabled for the filesystem.

You can't really chmod per se, you'll need to access the security tab
for the share and apply permissions you need at that level...

you can view the permissions using the samba-tool for the share at the
nix level like so

samba-tool ntacl folder/file

you'll see this gives a bunch of gibberish but you will see it working..
If you haven't assigned perms through windows yet it will return stating
no permissions or something to that effect..

You need to set the setfacl -m default:user:xxx folder for inheritance in
linux but windows users will always use ntacls I believe



steve
PostPosted: Thu Feb 16, 2012 6:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares

On 02/16/2012 03:48 PM, Aaron E. wrote:
> The permissions are slightly different for s4, as in you will be
> setting most of the folder permissions at the windows level. You'll need
> to make sure that user_xattr and acl is enabled for the filesystem.
>
That seems OK:
mount | grep xattr
/dev/sda1 on / type ext4 (rw,errors=remount-ro,user_xattr,commit=0)
> You can't really chmod per se, you'll need to access the security tab
> for the share and apply permissions you need at that level...
>

> you can view the permissions using the samba-tool for the share at the
> nix level like so
>
> samba-tool ntacl folder/file
>
> you'll see this gives a bunch of gibberish but you will see it
> working.. If you haven't assigned perms through windows yet it will
> return stating no permissions or something to that effect..
>
I tried this:
-rw-r----- 1 steve2 debusers 0 2012-02-16 14:47 /home/dropbox/s2
samba-tool ntacl get /home/dropbox/s2
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data
available')
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 162, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
line 106, in run
acl = getntacl(lp, file, xattr_backend, eadb_file)
File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
line 62, in getntacl
xattr.XATTR_NTACL_NAME)

samba-tool ntacl set /home/dropbox/s2
Usage: samba-tool ntacl set <acl> <file> [options]

But I can't find that documented anywhere. Would I need to look in the
source to get a list of options? Basically I'm trying not to have to tie
up a windows box to do this stuff.

> You need to set the setfacl -m default:user:xxx folder for inheritance
> in linux but windows users will always use ntacls I believe
>
I've done a few ldbsearch's in /usr/local/samba/private but I can't find
anything to do with the dropbox share I have defined.

Any ideas?
Thanks
Aaron E.
PostPosted: Thu Feb 16, 2012 7:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares

If you apply ntacl to the share in windows you will not get this error
"ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No
data available') "
That is simply saying there are no extra ntacl settings applied to the
share.. If there were you would see them..

Unfortunately I cannot help with applying settings from the command
line, I was also trying to accomplish this to no avail.. I would suggest
setting share permissions through windows and then looking at them via
command line,, they are like nothing you're going to want to work with.

I posed this question in samba-technical IRC, was advised that
samba-tool ntacl was more for scripting than actual management at this
point in time..


I believe you'll get better results with tying up a windows box..

steve
PostPosted: Thu Feb 16, 2012 7:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares

Hi
Thanks for taking the time to explain this. Just thinking out loud, but
since windows will be storing stuff on an ext4 filesystem, whatever the
ntacl does must be doable in Linux too no? Or am I missing the point
here? Anyway, the next stage is to find where to set the ntacl from the
windows side. Is it a case of searching or is it buried deep inside the
registry somewhere?

BTW, we have setup the S4 users with posix attrs and files are stored
correctly on both Linux and windows. We map via nss-pam-ldapd on Linux.
Not set any ntacls there, so far that is since we've only just started
to experiment with rw shares..
Cheers,
Steve

Aaron E.
PostPosted: Thu Feb 16, 2012 8:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares

Setting the Permissions in windows is easy, browse to your server like
so..start> run \\server

right click share > properties,> security tab -- if you're unfamiliar
with windows permissions I would read up on those..

being doable in linux,, hmm I'm sure it is but as I said I would create
a share change windows permissions and look at them through linux, do
that and you'll get the idea of what I'm talking about...

Someone can correct me here if I step out of bounds but I don't think
the samba team has gotten this far yet to make the samba-tool ntacl tree
practical to use..

as far as how the perms are shared is relative to file-system support,
that's what the user_xattr support on the mount point is for.. so it
adds the support for the Linux mount to store the NTACLS ,

steve
PostPosted: Fri Feb 17, 2012 7:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares

Hi Aaron, hi everyone

We gave it a go. And yes, we had a little chuckle wrt your references as
to the output of samba-tool ntacl.
We still have not sorted it 100% but at least it's workable. One of the
conclusions we came to was that we don't think Samba4 is taking the acl
from the disk. Here are our findings which of course, include the output
from ntacl (worth a click just to see that!):
http://linuxcostablanca.blogspot.com/2012/02/samba4-shares.html

If anyone can help pleeeez post.
Thanks for your patience,
Steve

steve
PostPosted: Mon Mar 05, 2012 11:10 pm    Post subject: Re: [Samba] acl's, Samba4 and rw shares


Hi again
I dug a little deeper by setting the acl on windows and then
successfully transferring to another:

samba-tool ntacl get --as-sddl sd
O:S-1-5-21-443838659-2890314986-1722269781-500G:S-1-5-21-443838659-2890314986-1722269781-1118D:(A;;0x001f01ff;;;SY)(A;OICI;0x001301bf;;;S-1-5-21-443838659-2890314986-1722269781-1118)(A;OICI;0x001f01ff;;;S-1-5-21-443838659-2890314986-1722269781-500)

samba-tool ntacl set "O:S-1-5-21-443838659-2890314986-1722269781-500G:S-1-5-21-443838659-2890314986-1722269781-1118D:(A;;0x001f01ff;;;SY)(A;OICI;0x001301bf;;;S-1-5-21-443838659-2890314986-1722269781-1118)(A;OICI;0x001f01ff;;;S-1-5-21-443838659-2890314986-1722269781-500)" sd2
Unknown parameter encountered: "secrets database"

Don't know about the error but it works:-)

Also, it's now possible to create a share the old way:
[hotel]
path = /home/CACTUS/hotel
read only = No
create mask = 0770
That does the same thing. I tend to favour
the latter method!
Cheers,
Steve
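
Reading the SDDL string from the post above: an added example (not from the thread and not Samba's code) that splits the `samba-tool ntacl get --as-sddl` output into owner, group and DACL entries and names the rights each hex mask grants. The bit names are the standard Windows file access rights; the parser covers only O:, G: and a D: list of simple six-field ACEs, and the function names are illustrative.

```python
import re

# The security descriptor printed in the post, rebuilt from its domain SID.
DOMAIN_SID = "S-1-5-21-443838659-2890314986-1722269781"
SDDL = (
    "O:" + DOMAIN_SID + "-500"
    "G:" + DOMAIN_SID + "-1118"
    "D:(A;;0x001f01ff;;;SY)"
    "(A;OICI;0x001301bf;;;" + DOMAIN_SID + "-1118)"
    "(A;OICI;0x001f01ff;;;" + DOMAIN_SID + "-500)"
)

RIGHTS = {
    0x000001: "FILE_READ_DATA", 0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA", 0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA", 0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD", 0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
FULL_CONTROL = 0x1F01FF
# Two-letter file-rights aliases that SDDL allows instead of a hex mask.
ALIASES = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
ACE_TYPES = {"A": "allow", "D": "deny"}
WELL_KNOWN = {"SY": "Local System", "BA": "Builtin Administrators", "WD": "Everyone"}


def parse_mask(field):
    """Rights field of an ACE: a hex mask or a run of two-letter aliases."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= ALIASES[field[i:i + 2]]  # KeyError on an alias not modelled here
    return mask


def rights(mask):
    return [name for bit, name in RIGHTS.items() if mask & bit]


def missing_from_full_control(mask):
    """Rights an ACE withholds compared with Full Control."""
    return rights(FULL_CONTROL & ~mask)


def describe(sid):
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    if sid.startswith("S-1-5-21-") and sid.endswith("-500"):
        return "domain Administrator (RID 500)"
    return sid  # domain-specific account, resolve it against the directory


def parse_sddl(sddl):
    m = re.fullmatch(r"O:(.+?)G:(.+?)D:([A-Z]*)((?:\([^()]*\))*)", sddl)
    if not m:
        raise ValueError("unsupported SDDL layout")
    owner, group, dacl_flags, ace_text = m.groups()
    aces = []
    for body in re.findall(r"\(([^()]*)\)", ace_text):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("only six-field ACEs are handled: " + body)
        ace_type, flags, mask, _obj, _inherit_obj, sid = fields
        aces.append({
            "type": ACE_TYPES.get(ace_type, ace_type),
            # OI = applies to files below, CI = applies to sub-folders below
            "flags": [flags[i:i + 2] for i in range(0, len(flags), 2)],
            "mask": parse_mask(mask),
            "sid": sid,
            "who": describe(sid),
        })
    return {"owner": owner, "group": group, "dacl_flags": dacl_flags, "aces": aces}


if __name__ == "__main__":
    sd = parse_sddl(SDDL)
    print("owner:", describe(sd["owner"]))
    print("group:", describe(sd["group"]))
    for ace in sd["aces"]:
        withheld = missing_from_full_control(ace["mask"]) or ["nothing"]
        print(f'{ace["type"]} {ace["who"]} inherit={ace["flags"] or "none"} '
              f'mask={ace["mask"]:#010x} withholds: {", ".join(withheld)}')
```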
