subject:"\[Samba\] Re\: ACLs with Problem"

RES: RES: RES: RES: [Samba] Re: ACLs with Problem

2005-09-28 Thread Luis Henrique de Faria Guimarães

I have an environment to make test.  I go to try to mount a partition xfs in 
this server of test.  I thank its help.

-Mensagem original-
De: Paul Kölle [mailto:[EMAIL PROTECTED]
Enviada em: quarta-feira, 28 de setembro de 2005 10:53
Para: Luis Henrique de Faria Guimarães
Assunto: Re: RES: RES: RES: [Samba] Re: ACLs with Problem


Luis Henrique de Faria Guimarães wrote:
 I forgive me Paul, not wise person.  Well, the samba was compiled with 
 support ACL, look out command:
 [EMAIL PROTECTED] source]# strings $(which smbd) | grep HAVE_POSIX_ACLS
HAVE_POSIX_ACLS
 I didn't find no fail when I compiled the samba.  I go to send for you my 
 file configure.log
Looks ok to me. One thing to try would be testing with another
filesystem. It seems you have XFS headers installed and samba recognised
them. If your kernel supports XFS or you have support as a module you
could try creating a small XFS partition (could be done in a file and
mounted with loopback, no need for a real partition then). I've used XFS
as an FS for samba and have had good results. You dont need to pass
special mount options as ACLs are enabled by default on XFS.

hth
 Paul
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RES: RES: [Samba] Re: ACLs with Problem

2005-09-27 Thread Paul Kölle

Luis Henrique de Faria Guimarães wrote:
 [2005/09/26 17:11:53, 3] 
 smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2581)
   convert_canon_ace_to_posix_perms: Too many ACE entries for file teste.txt 
 to convert to posix perms.
I wonder why convert_canon_ace_to_posix_perms is called with an
file_ace_list with more than three canon_ace elements. set_nt_acl should
never call convert_canon_ace_to_posix_perms that way. I guess it fails
because you have an ACL_USER_OBJ which makes the file_ace_list longer
than three entries but for some reason set_nt_acl thinks it cannot use
set_canon_ace_list.

I just start to read the code so maybe someone who really knows what's
going on could clear this up a bit.

hth
 Paul

BTW: check your samba binary for ACL support, could be that ./configure
failed to pick up some libs or headers and the whole feature is not
present. Use strings $(which smbd) | grep HAVE_POSIX_ACLS. If you
don't get anything back your binary lacks ACL support.

PS: Try not to start a new thread with each response and please keep
your replies on the list.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: RES: [Samba] Re: ACLs with Problem

2005-09-26 Thread Luis Henrique de Faria Guimarães

Paul,



1. Which user is logged on the the windows workstation trying to modify
a file on the samba share?
Henrique are user, this user is in the list of administrators of the samba, but 
he is not administrator of the PDC (windows 2003).
It looks at the parameters below of smb.conf:
 admin users = corniani, administrator, henrique

2. What are the ACLs on that file before you try to change them and what
are they after the operation failed?
Are the ACLs on that file before:
[EMAIL PROTECTED] teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

After:
[EMAIL PROTECTED] teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

Nothing one gets excited after the failed.

3. What is the output of the samba log when you try to change ACLs on
the file?

Look my big logs:

  unix_mode(teste.txt) returning 0744
[2005/09/26 17:11:44, 2] smbd/open.c:open_file(372)
  henrique opened file teste.txt read=No write=No (numopen=2)
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 156 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = teste.txt, info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/error.c:error_packet(147)
  error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans) 
NT_STATUS_BUFFER_TOO_SMALL
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 157 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = teste.txt, info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 158 of length 92
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(.) returning 0744
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 159 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = ., info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/error.c:error_packet(147)
  error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans) 
NT_STATUS_BUFFER_TOO_SMALL
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 160 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = ., info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 161 of length 45
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBclose (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] smbd/reply.c:reply_close(3233)
  close directory fnum=8243
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 162 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3]

Re: RES: [Samba] Re: ACLs with Problem

2005-09-25 Thread Paul Kölle

Luis Henrique de Faria Guimarães wrote:
 I believe that you it did not understand my explanation.  I have a Linux 
 server executing samba intergrated 
 with a server windows 2003 (PDC).  Linux is using the users of windows 2003 
 saw winbind.  But, the permissions 
 for these of archive do not function.  When I try to change the permissions 
 of an archive in the sharing of the
 samba, it I do not function.  The part of ACL of the samba is not 
 functioning, you understood me.
What you are saying is, it does not work as you think it should. The
getfacl output you showed seems to indicate that ACLs are working on the
linux side, so far so good. Then you say permissions are not correct
from windows explorer and you cannot set them correctly. To identify the
underlying problem you need to provide more details.

1. Which user is logged on the the windows workstation trying to modify
a file on the samba share?

2. What are the ACLs on that file before you try to change them and what
are they after the operation failed?

3. What is the output of the samba log when you try to change ACLs on
the file?

hth
 Paul


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Re: ACLs with Problem

2005-09-23 Thread Luis Henrique de Faria Guimarães

I believe that you it did not understand my explanation.  I have a Linux server 
executing samba intergrated with a server windows 2003 (PDC).  Linux is using 
the users of windows 2003 saw winbind.  But, the permissions for these of 
archive do not function.  When I try to change the permissions of an archive in 
the sharing of the samba, it I do not function.  The part of ACL of the samba 
is not functioning, you understood me.
The command getfacl sample that support ACL is functioning in the server linux. 
 It sees my /etc/fstab:
LABEL=/ /   ext3defaults,acl1 1
LABEL=/boot /boot   ext3defaults1 2
LABEL=/data /data   ext3defaults,acl1 2
none/dev/ptsdevpts  gid=5,mode=620  0 0
none/proc   procdefaults0 0
none/dev/shmtmpfs   defaults0 0
/dev/cciss/c0d0p2   swapswapdefaults0 0
/dev/cdrom  /mnt/cdrom  udf,iso9660 
noauto,owner,kudzu,ro 0 0
/dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0

You can help this problem me?

Luís Henrique
-Mensagem original-
De: paul kölle [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 22 de setembro de 2005 13:15
Para: samba@lists.samba.org
Assunto: [Samba] Re: ACLs with Problem


Luis Henrique de Faria Guimarães wrote:
 With this configuration the users of the PDC (windows 2003) are 
 authenticantion way telnet 
 without problem.  However, the ACL do not function.  They see the exit with 
 command getfacl teste.txt:
 
 [EMAIL PROTECTED] teste]# getfacl teste.txt
 # file: teste.txt
 # owner: root
 # group: Domain Users
 user::rwx
 user:henrique:rw-
 group::r--
 mask::rw-
 other::r--
Can you please describe what you expected to see here and why?

 
 The user henrique appears in linux, but he does not appear in windows.
Then I'd say he's a linux user and not from AD via winbind right?

 When I try to add permissions through windows appears a message of denied 
 access.
If that is a correct result largely depends which user is logged in to
the windows workstation. It would be helpful if you set samba to a
moderate debug level, and provide the relevant logs generated when the
desired operation(s) fail.


hth
 Paul


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RES: [Samba] Re: ACLs with Problem

2005-09-23 Thread Paul Kölle

Luis Henrique de Faria Guimarães wrote:
 I believe that you it did not understand my explanation.  I have a Linux 
 server executing samba intergrated 
 with a server windows 2003 (PDC).  Linux is using the users of windows 2003 
 saw winbind.  But, the permissions 
 for these of archive do not function.  When I try to change the permissions 
 of an archive in the sharing of the
 samba, it I do not function.  The part of ACL of the samba is not 
 functioning, you understood me.
What you are saying is, it does not work as you think it should. The
getfacl output you showed seems to indicate that ACLs are working on the
linux side, so far so good. Then you say permissions are not correct
from windows explorer and you cannot set them correctly. To identify the
underlying problem you need to provide more details.

1. Which user is logged on the the windows workstation trying to modify
a file on the samba share?

2. What are the ACLs on that file before you try to change them and what
are they after the operation failed?

3. What is the output of the samba log when you try to change ACLs on
the file?

hth
 Paul



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: ACLs with Problem

2005-09-22 Thread paul kölle

Luis Henrique de Faria Guimarães wrote:
 With this configuration the users of the PDC (windows 2003) are 
 authenticantion way telnet 
 without problem.  However, the ACL do not function.  They see the exit with 
 command getfacl teste.txt:
 
 [EMAIL PROTECTED] teste]# getfacl teste.txt
 # file: teste.txt
 # owner: root
 # group: Domain Users
 user::rwx
 user:henrique:rw-
 group::r--
 mask::rw-
 other::r--
Can you please describe what you expected to see here and why?

 
 The user henrique appears in linux, but he does not appear in windows.
Then I'd say he's a linux user and not from AD via winbind right?

 When I try to add permissions through windows appears a message of denied 
 access.
If that is a correct result largely depends which user is logged in to
the windows workstation. It would be helpful if you set samba to a
moderate debug level, and provide the relevant logs generated when the
desired operation(s) fail.


hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: RES: RES: RES: [Samba] Re: ACLs with Problem

Re: RES: RES: [Samba] Re: ACLs with Problem

RES: RES: [Samba] Re: ACLs with Problem

Re: RES: [Samba] Re: ACLs with Problem

RES: [Samba] Re: ACLs with Problem

Re: RES: [Samba] Re: ACLs with Problem

[Samba] Re: ACLs with Problem

7 matches

Site Navigation

Mail list logo

Footer information