Ce scrie in fstab ? Sigur e montat cu ACL-uri fs-ul ? Dupa #mount -o remount,acl /partition merge ?
La ce iti trebe username map = /etc/samba/smbusers ??? Chiar ai mapari acolo ? In rest pare sa fie ok ... humm. Daca nici la astea doua nu merge pun o masina virtuala cu un RHEL sa testez si eu, ca prea e ciudat, poate e samba lor compilata fara acl-uri, desi ma indoiesc. Deci un share la mine ( #cat /etc/issue Ubuntu 8.04.1 #smbd --version Version 3.0.28a ) : [TEST] comment = De test path = /data/BACKUP/test nt acl support = yes force create mode = 0664 force directory mode = 0775 create mode = 0664 directory mode = 0775 read only = No guest ok = No valid users = mraluca paulm read list = mraluca paulm writelist = mraluca paulm inherit acls = yes inherit permissions = yes map acl inherit = yes writeable = yes printable = no merge as expected. Ba chiar merge sa faci un director, sa-i modifici ACL-ul din windoza si apoi ce e creat in el sa mosteneasca. I'aca cia : # mount -o remount,acl /dev/mapper/data2-transfer (sa fim siguri, nu) # mkdir /data/BACKUP/test/kkk/ # cd /data/BACKUP/test/ Punem niscai ACL-uri la duma : # setfacl -m u:mraluca:rwx ./kkk/ # setfacl -m u:paulm:r ./kkk/ # cd ./kkk/ # chmod 777 . # getfacl . # file: . # owner: root # group: root user::rwx user:mraluca:rwx user:paulm:r-- group::r-x mask::rwx other::r-x Dupa crearea fisierului de pe o windoza cu userul mraluca. # getfacl ./kkk2.txt # file: kkk2.txt # owner: mraluca # group: Domain\040Users user::rwx user:mraluca:rwx user:paulm:r-- group::rwx mask::rwx other::r-- Si as expected, userul paulm nu poate decat sa-l citeasca. ACL-urile au fost mostenite. Ceea ce e ciudat e ca imi ignora (force) create mask daca am inherit acls on. Muje. Uite cu inherit acls off si apoi on si cu inherit permissions off, dar cu force create mask si create mask on in ambele cazuri : -rw-rw-r-- 1 mraluca Domain Users 0 2010-10-29 22:29 kkk5.txt -rwxrwxr--+ 1 mraluca Domain Users 0 2010-10-29 22:29 kkk6.txt Se pare ca inherit permissions on sau ACLs inherit on inseamna ca s-au dus vietii toate mask-urile. In rest merge as advertised, desi sincer ma seaca ca nu pot scoate bitul executabil de pe fisiere cu force create mask. Deci intrebarea e : Mai e v-o duma care poate fi facuta sa ai x pe director, dar sa nu ai/poti pune x pe fisierele care inherit (ca asa cum am spus, daca ai ACL inherit mask si/sau inherit permissions, mask/ force mask sunt degeaba) ? Nu stiu daca te incurca sau nu aceasta constatare. Recunosc ca n-am folosit inherit, si nu stiam cum se comporta, si de obicei folosesc read list si write list pentru "permisiuni", da' a fost fun sa ma distrez cu acl-uri si sa vad cum se comporta. Share-urile mele au doar nt acl support = yes si map acl inherit = yes, mai mult de amorul artei, si pana acu au fost suficiente, sau mai exact degeaba. Bine poti monta partitia cu noexec, dar ma gandeam la ceva mai frumos. M-am uitat prin VFS-uri, si n-am gasit nimic util, sau poate nu m-am uitat eu bine. PS : Posibil sa-ti fie de folos si acl group control = yes. Mi-a fost lene sa testez daca merge as advertised, enough for today. Folosesc LDAP ca backend, da nu cred ca e v-o diferenta la sharing daca folosesti tdbsam in afara de cum creezi userii. read list si write list nu cred ca sunt musai in cazul asta, maskurile dupa cum am zis sunt ignorate, dar old habits die hard ;) ... Spor. D.B. George Pochiscan wrote: > Salutare, > > Nu se intampla nimic in modul sugerat de tine. Serverul ruleaza pe un RHEL 5 > cu toate actualizarile la zi. > > Mai jos trimit configurarea samba : > > > [global] > ; workgroup = WORKGROUP > netbios name = ***** > server string = ***** > security = user > > update encrypted = Yes > # passdb backend = tdbsam > # root directory = /var/date > > guest account = nobody > pam password change = Yes > unix password sync = yes > passwd program = /usr/bin/passwd %u > passwd program = /usr/sbin/passwd %u > unix password sync = Yes > > admin users = *****, ***** > username map = /etc/samba/smbusers > acl group control = Yes > add user script = /usr/sbin/useradd %u > > # LOG OPTIONS > log level = 5 > > [homes] > > comment = Home Directories > browseable = no > > [DATE] > comment = ****** Content > path = /var/date/Projects > read only = No > guest only = No > guest ok = No > public = No > valid users = @samba_users > > inherit acls = yes > inherit permissions = yes > map acl inherit = yes > nt acl support = yes > writeable = yes > printable = no > > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > > > >> Message: 1 >> Date: Wed, 27 Oct 2010 13:59:06 +0300 >> From: Bucatarul <sarmaledev...@gmail.com> >> Subject: Re: [rlug] Probleme Share Samba >> To: Romanian Linux Users Group <rlug@lists.lug.ro> >> Message-ID: <4cc805fa.2080...@gmail.com> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed >> >> Ce versiune de samba foloseti ? >> >> M-am uitat si pe la mine pa-n configi. >> >> Fara acls poti s-o rezolvi asa (unless export magaoaia si nfs/altceva eu asa >> fac) >> : >> >> read list = bla blo @vla >> write list = @vla bla >> create mask = 0666 >> directory mask = 0777 >> >> force create mode = 0666 >> force directory mode = 0777 >> >> >> >> >> Cu acl's ... din cate stiu iti trebe : >> >> nt acl support = yes >> inherit permissions = yes >> inherit acls = yes >> map acl inherit = yes >> >> Si multa rabdare la creat acl-urile. Ma gandesc ca poate n-ai nt acl support >> = >> yes pe nicaieri, si d-asta nu merge (map acl inherit face ca si windblows sa >> le >> vada, ma indoiec ca e cauza principala ). >> >> >> D.B. >> >> >> >> >> George Pochiscan wrote: >> >>> Salut, >>> >>> >>> Am instalat un server de samba. Problema consta in accesul userilor pe >>> >> anumite foldere din cadrul Shareului. Accesul pe folderele din share se face >> in functie de grupurile in care apartin userii. >> >>> Atunci cand creez/copiez un fisier in unul din foldere doar userul care il >>> >> creeaza are acces de a-l modifica, nu si ceilalti din grupul care access pe >> acel >> folder. >> >>> Configurare Share : >>> [DATE] >>> comment = Date >>> path = /var/date/Projects >>> read only = No >>> guest only = no >>> guest ok = No >>> public = No >>> valid users = @samba_users >>> inherit acls = yes >>> inherit permissions = yes >>> writeable = yes >>> printable = no >>> >>> fisier : test.txt >>> >>> # file: test.txt >>> # owner: aaa >>> # group: samba_users >>> user::rwx >>> group::r-x >>> other::r-x >>> >>> >>> ACL pe folderul in care am copiat fisierul test.txt : >>> >>> # file: 1stfolder >>> # owner: xxx >>> # group: samba_users >>> user::rwx >>> group::rwx >>> group:grp_test1:rwx >>> group:grp_test1_r:r-x >>> mask::rwx >>> other::r-x >>> >>> >>> userii aaa si xxx fac parte din grupul grp_test1 dar si din alte grupuri, nu >>> >> toate fiind comune. >> >>> Ce as putea sa fac pentru a rezolva problema aceasta? >>> >>> >>> Multumesc, >>> >>> George >>> >>> > > This message (including any attachments) is intended only for > the use of the individual or entity to which it is addressed and > may contain information that is non-public, proprietary, > privileged, confidential, and exempt from disclosure under > applicable law or may constitute as attorney work product. > If you are not the intended recipient, you are hereby notified > that any use, dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, notify us immediately by telephone and > (i) destroy this message if a facsimile or (ii) delete this message > immediately if this is an electronic communication. > > Thank you. > _______________________________________________ > RLUG mailing list > RLUG@lists.lug.ro > http://lists.lug.ro/mailman/listinfo/rlug > _______________________________________________ RLUG mailing list RLUG@lists.lug.ro http://lists.lug.ro/mailman/listinfo/rlug
