I believe that XFS is set up for ACL by default

getfacl yo.txt
# file: yo.txt
# owner: root
# group: root
user::rw-
user:admin1:rwx
user:jon:r--
group::r--
mask::rwx
other::r--

Seems like that is all working.

-----Original Message-----
From: samba-bounces+clinton=hitcents....@lists.samba.org [mailto:samba-bounces+clinton=hitcents....@lists.samba.org] On Behalf Of Collen Blijenberg
Sent: Friday, January 30, 2009 3:01 AM
To: samba@lists.samba.org
Subject: Re: [Samba] ACL

Did you also set up ACL in your fstab?? The mounted partition needs acl to make samba use it.

Cheers,
Collen

Clinton Mills wrote:
> Hi samba group,
>
> I'm trying to get samba to act like Windows in the Security tab (to be able
> to add, remove, and modify ACLs on certain files/folders). We are running
> CentOS 5.2 (2.6.18-92.1.22.el5) with XFS installed for the /share partition.
>
> I currently have these versions of samba installed:
>
> samba-3.0.28-1.el5_2.1
> samba-common-3.0.28-1.el5_2.1
>
> I am pretty sure the ACL is all set up and working correctly. I can maintain
> ACL from Linux and I can even see them in the security tab for windows. I
> can also remove users from the security tab in Windows.
>
> These are the things I need help with
>
> * When I try and add a user it asks me for a username and password. I
>   cannot get this to accept my password.
>
> * When I first load up the security tab it shows a long number
>   "S-1-5-21-..." This screen takes a while to change these numbers to names.
>   Is there a way to speed this up?
>
> * Is there a way to restrict people from adding themselves to
>   files/folders they do not have access to?
>
> I have looked all over and cannot find clear instructions on how to set ACL
> up in a user environment. If you could point me to one of these documents
> that would be very helpful.
>
> We currently have Samba set up to work without a domain. I have read on other
> websites that this is not a good idea:
>
> One problem with Samba ACL support is that listing users to use for access
> control entries (ACEs) within ACLs can be troublesome.
> Specifically, if you're using Samba in a standalone mode (i.e., configured
> with "user" security mode), Windows 2000 and Windows XP users might not be
> able to consistently list Samba users when configuring an ACL.
>
> We really don't have the option of doing a PDC. Is this a bad idea to try
> and get this to work without using PDC?
>
> smbd -b | grep ACL
> HAVE_SYS_ACL_H
> HAVE_ACL_LIBACL_H
> HAVE_POSIX_ACLS
>
> smb.conf
>
> [global]
>
> passdb backend = tdbsam
>
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/groupmod -A %u %g
> delete user from group script = /usr/sbin/groupmod -R %u %g
> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
>
> security = user
> encrypt passwords = yes
>
> preferred master = Yes
> domain master = Yes
> domain logons = Yes
>
> debuglevel = 3
>
> workgroup = Workgroup
> workgroup = temp
> netbios name = hitsnap
> bind interfaces only = True
> interfaces = eth1 lo
>
> max disk size = 990000 ;some programs (like PS7) can't deal with more than 1TB
>
> allow hosts = 192.168.0.0/16
> socket options = TCP_NODELAY
> server string = Hitsnap
> smb ports = 139
>
> syslog = 0
> log level = 2
> log file = /var/log/samba/log.%m
>
> vfs objects = recycle
>
> client ntlmv2 auth = yes
> ;recycle:repository = .recycle
> ;recycle:keeptree = Yes
> ;recycle:versions = Yes
> ;recycle:touch = Yes
>
> [netlogon]
> path = /var/lib/samba/netlogon
> read only = yes
>
> [homes]
> read only = no
> browseable = no
>
> [share1]
> ;minauth=none
> path = /share/hdrive/share1
> read only = no
> browseable = yes
> writable = yes
> admin users = admin1
> valid users = admin1
> public = no
> create mask = 0777
> directory mask = 0777
> nt acl support = yes
> acl map full control = yes
>
> dont descend = .recycle
>
> Thanks
> Clinton Mills

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
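
Added example (not part of the original messages, and not Samba code): a small Python parser for the getfacl listing at the top of this thread. It applies the standard POSIX ACL rule that named-user, owning-group and named-group entries are limited by the mask entry, which is what decides the rights a user such as admin1 really ends up with. MASKED is a constructed variant of the listing with the mask narrowed to r--; the function names are illustrative.

```python
# Added example: parse `getfacl` text and apply the POSIX ACL mask rule.
SAMPLE = """\
# file: yo.txt
# owner: root
# group: root
user::rw-
user:admin1:rwx
user:jon:r--
group::r--
mask::rwx
other::r--
"""

# Constructed variant: same entries, but the mask narrowed to read-only.
MASKED = SAMPLE.replace("mask::rwx", "mask::r--")


def parse_getfacl(text):
    """Return (header dict, [(tag, qualifier, perms), ...]) from getfacl output."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            header[key] = value
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment that getfacl may append.
            parts = line.split("#")[0].split()[0].split(":")
            if len(parts) != 3:
                continue  # e.g. "default:" entries, not handled in this example
            entries.append(tuple(parts))
    return header, entries


def effective(entries):
    """Map 'tag:qualifier' to effective rights after applying the mask."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        # The mask limits named users, the owning group and named groups;
        # the file owner (user::) and other:: are never masked.
        masked = tag == "group" or (tag == "user" and qualifier != "")
        if masked and mask is not None:
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        result[f"{tag}:{qualifier}"] = perms
    return result
```

With the listing as posted the mask is rwx, so every entry keeps its listed rights; with the constructed r-- mask, admin1 drops from rwx to r-- while the owner entry stays rw-.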