RE: [Samba] Samba and Windows ACL Issue
On 3 Jun 2005 at 10:19, Ross McInnes wrote: Heh. Well I see the Administrator and Domain Admins and Everyone bits Nothing about adding the user ross to it. Also when I try and add another person, it still comes up access denied :/ Hi Ross, Tony and others, I come back on this to see if you found a way to add on a file specific permissions for an additional user. I still can't from W2K/XP but well from WNT. At the beginning (years ago on Samba = 2.2.5) it worked with W2K too but, probably (?) since a SP or patch was applied, it stopped working. An upgrade to Samba 3.0.10 (compiled by sunfreeware.com) did not help. I patched (see http://lists.samba.org/archive/samba/2005-April/104062.html) and compiled 3.0.14a myself and it still doesn't work. There is no obvious error message in the log, I've read documents for days, tried so many options... I'm really lost now. Using smbcacls (samba 2.2.12 from another host or 3.0.14a from the localhost) I can view the permissions on a file, and I can add a user with permissions to the list, the ACLs get updated. From a W2K or WNT, using cacls I can display the permissions, although I do not see the user names but rather Account Domain not found. Updating the permissions does not work: C:\ cacls file /G username:R No mapping between account names and security IDs was done. From the explorer of Windows (and additional setup info) see my previous message: http://lists.samba.org/archive/samba/2005-June/107543.html Note that from the explorer of W2K/XP I can change *existing* permissions of users but I cannot add a user to the list. So my only last (weird) possibility is to setup default ACLs on directories for all possible users and to add missing users to existing files with setfacl !!! Thanks Pierre Cheers Ross -Original Message- From: Tony Earnshaw [mailto:[EMAIL PROTECTED] Sent: 02 June 2005 16:02 To: Ross McInnes Cc: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue tor, 02.06.2005 kl. 15.46 skrev Ross McInnes: Ah... I can use setfacl setfacl -m user:ross:rwx crap Getfacl shows that ross has rwx perms too. However, its not reported back into windows, i.e security permissions for the file crap still shows administrator/domain admins :/ also when I try and add another user, still nothing. But progress! Ok. Now for the last attempt: right click on file crap, security tab, advanced button, try it from one of the tabs there (I've fscked my only Win XP Pro test m/c here, so can't try it for you). --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Heh. Well I see the Administrator and Domain Admins and Everyone bits Nothing about adding the user ross to it. Also when I try and add another person, it still comes up access denied :/ Cheers Ross -Original Message- From: Tony Earnshaw [mailto:[EMAIL PROTECTED] Sent: 02 June 2005 16:02 To: Ross McInnes Cc: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue tor, 02.06.2005 kl. 15.46 skrev Ross McInnes: Ah... I can use setfacl setfacl -m user:ross:rwx crap Getfacl shows that ross has rwx perms too. However, its not reported back into windows, i.e security permissions for the file crap still shows administrator/domain admins :/ also when I try and add another user, still nothing. But progress! Ok. Now for the last attempt: right click on file crap, security tab, advanced button, try it from one of the tabs there (I've fscked my only Win XP Pro test m/c here, so can't try it for you). --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
fre, 03.06.2005 kl. 11.19 skrev Ross McInnes: Heh. Well I see the Administrator and Domain Admins and Everyone bits Nothing about adding the user ross to it. Also when I try and add another person, it still comes up access denied :/ I'm afraid at this point I can't help you any more. At this stage you should have a full list of users and groups - sounds as if your basic Samba config isn't right, somehow :( --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Well here is my samba config, for you or for anyone else :) Ross [global] netbios name = DEV1 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind gid = 1-2 workgroup = DEV-DOMAIN log file = /var/log/samba/samba.log os level = 20 ldap idmap suffix = ou=auth1,dc=dev-domain,dc=stvincent,dc=ac,dc=uk winbind enum groups = yes #socket address = 1.2.3.4 - Change this to match the IP address or remove it to listen to all addresses. password server = auth1.DEV-DOMAIN.STVINCENT.AC.UK preferred master = no winbind separator = + winbind use default domain = yes max log size = 500 - In K encrypt passwords = yes dns proxy = no realm = DEV-DOMAIN.STVINCENT.AC.UK security = ADS wins server = 172.16.2.254 wins proxy = no # nt acl support = No # Shares section [adminshare] comment = testshare browseable = no writeable = yes guest ok = no # valid users = Administrator create mode = 0750 path = /home [adminshare2] comment = testshare2 browseable = no writeable = yes guest ok = no # valid users = Administrator create mode = 0750 path = / [homes] comment = Personal Storage Area browseable = no guest ok = no # path = /home/DEV-DOMAIN/%U vfs object = recycle:repository=.recycle recycle:versions=True recycle:touch=True recycle:keeptree=True recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*|t*.1|t*.2|t*.3|t*.4|t*.5|t*.6|t$ recycle:exclude_dir=/tmp|/temp recycle:noversions=*.doc|*.xls|*.ppt -Original Message- From: Tony Earnshaw [mailto:[EMAIL PROTECTED] Sent: 03 June 2005 11:36 To: Ross McInnes Cc: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue fre, 03.06.2005 kl. 11.19 skrev Ross McInnes: Heh. Well I see the Administrator and Domain Admins and Everyone bits Nothing about adding the user ross to it. Also when I try and add another person, it still comes up access denied :/ I'm afraid at this point I can't help you any more. At this stage you should have a full list of users and groups - sounds as if your basic Samba config isn't right, somehow :( --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
tor, 02.06.2005 kl. 11.08 skrev Ross McInnes: I think acl's are working. But it doesnt work from windows. I also get an error message with setfacl. Is there an easy way to tell if ACL is enabled in the kernel? I know ive put in the right syntax in /etc/fstab You're running RHEL3. RHAS3 has native POSIX ACL support, so RHEL3 should have, too. And samba is compiled with acl support. Do 'ldd /path/to/smbd-binary'. You should see both: libattr.so.1 = /lib/libattr.so.1 (0x00387000) and libacl.so.1 = /lib/libacl.so.1 (0x00716000) or suchlike. what does 'mount' show you for the partition for which you think you have ACL support? E.g., on my test rig: /dev/hda10 on /m type ext3 (rw,acl,user_xattr) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
tor, 02.06.2005 kl. 12.34 skrev Ross McInnes: [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep attr libattr.so.1 = /lib/libattr.so.1 (0xb74ec000) [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep acl libacl.so.1 = /lib/libacl.so.1 (0xb74e6000) /dev/sdb1 on /export/1 type ext3 (rw,acl,user_xattr) /dev/sdc1 on /export/2 type ext3 (rw,acl,user_xattr) Is what I get :/ Still cannot add another user to a file/directory cd /lib/modules/2.4.21-20.EL/kernel/fs/ext3 grep -i acl ext3.o Binary file ext3.o matches or strings ext3.o | less search for acl: system.posix_acl_access system.posix_acl_default ext3_xattr_set_acl Please do at least CC the samba list. I'd far rather answer there, and others can help you - not just me. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Yeah sorry about that, replied to all this time :) All of those returned positive, so from that I can assume that its running acl/xattr? Many thanks Ross -Original Message- From: Tony Earnshaw [mailto:[EMAIL PROTECTED] Sent: 02 June 2005 12:19 To: Ross McInnes Cc: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue tor, 02.06.2005 kl. 12.34 skrev Ross McInnes: [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep attr libattr.so.1 = /lib/libattr.so.1 (0xb74ec000) [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep acl libacl.so.1 = /lib/libacl.so.1 (0xb74e6000) /dev/sdb1 on /export/1 type ext3 (rw,acl,user_xattr) /dev/sdc1 on /export/2 type ext3 (rw,acl,user_xattr) Is what I get :/ Still cannot add another user to a file/directory cd /lib/modules/2.4.21-20.EL/kernel/fs/ext3 grep -i acl ext3.o Binary file ext3.o matches or strings ext3.o | less search for acl: system.posix_acl_access system.posix_acl_default ext3_xattr_set_acl Please do at least CC the samba list. I'd far rather answer there, and others can help you - not just me. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
tor, 02.06.2005 kl. 13.55 skrev Ross McInnes: Yeah sorry about that, replied to all this time :) No sweat :) All of those returned positive, so from that I can assume that its running acl/xattr? Well, that's what I have; in short, you have all that I have. But then I can't understand that you're getting errors with setfacl, let alone Windows. Check your syntax, use the examples in 'man setfacl'. As for Samba, you don't have 'nt acl support = no' in smb.conf? Naaaeh :) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Heh, nope. Ah... I can use setfacl setfacl -m user:ross:rwx crap Getfacl shows that ross has rwx perms too. However, its not reported back into windows, i.e security permissions for the file crap still shows administrator/domain admins :/ also when I try and add another user, still nothing. But progress! Cheers Ross -Original Message- From: Tony Earnshaw [mailto:[EMAIL PROTECTED] Sent: 02 June 2005 13:22 To: Ross McInnes Cc: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue tor, 02.06.2005 kl. 13.55 skrev Ross McInnes: Yeah sorry about that, replied to all this time :) No sweat :) All of those returned positive, so from that I can assume that its running acl/xattr? Well, that's what I have; in short, you have all that I have. But then I can't understand that you're getting errors with setfacl, let alone Windows. Check your syntax, use the examples in 'man setfacl'. As for Samba, you don't have 'nt acl support = no' in smb.conf? Naaaeh :) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
tor, 02.06.2005 kl. 15.46 skrev Ross McInnes: Ah... I can use setfacl setfacl -m user:ross:rwx crap Getfacl shows that ross has rwx perms too. However, its not reported back into windows, i.e security permissions for the file crap still shows administrator/domain admins :/ also when I try and add another user, still nothing. But progress! Ok. Now for the last attempt: right click on file crap, security tab, advanced button, try it from one of the tabs there (I've fscked my only Win XP Pro test m/c here, so can't try it for you). --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Hi all again. Thanks for the replies etc but the issue isnt actually an ACL one. (of sorts) I can change permissions on the users/group already assigned to the directory/file, i.e if its already owned by Administrator and Domain Admins, but I cannot replace them. i.e as Administrator I cannot remove the user administrator and put in ross instead, which is what I need to do. Or even add ross to it. Ive tried doing the net -S Server -UAdministrator rpc rights grant 'DEV-DOMAIN\Administrator' SeTakeOwnershipPrivilege to no avail. Is this a support function? As john had pointed out on a *nix system root can do anything. To prove this, on my current production system I logged on to a share as root, I could change permissions etc nps. This system however uses standard passwd/smbpasswd and not the AD im trying to implement. Any more thoughts or sugestions gratefully received, else it may be that I have to look at a pure windows environment :/ Cheers Ross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
ons, 01.06.2005 kl. 16.43 skrev Ross McInnes: Thanks for the replies etc but the issue isnt actually an ACL one. (of sorts) Ah. O.k. I can change permissions on the users/group already assigned to the directory/file, i.e if its already owned by Administrator and Domain Admins, but I cannot replace them. i.e as Administrator I cannot remove the user administrator and put in ross instead, which is what I need to do. If you are using POSIX ACLs, then what you can do from Windows is what you can do with 'setfacl'. setfacl doesn't make it possible to change ownerships. Or even add ross to it. From Windows, again iIf you are using POSIX ACLs, you will be able to add ross to it. If ACLs aren't working, then you can't. Ive tried doing the net -S Server -UAdministrator rpc rights grant 'DEV-DOMAIN\Administrator' SeTakeOwnershipPrivilege to no avail. Is this a support function? As john had pointed out on a *nix system root can do anything. :) To prove this, on my current production system I logged on to a share as root, I could change permissions etc nps. This system however uses standard passwd/smbpasswd and not the AD im trying to implement. Any more thoughts or sugestions gratefully received, else it may be that I have to look at a pure windows environment :/ --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Heh ok im now very very confused. Ill re state my problem, and then can someone tell me if its an ACL issue or not :) Basically I have a w2k3 domain, and samba 3.0.14a Member service. Samba is basically a FileStore. Its all configured fine (i.e I can log onto the w2k3 domain, and map my home drive to samba nps) User accounts have to be managed/create on windows (since doing it on the *nix machine just doesnt work, cant set homedir, if its enabled etc) Problem is that the script that does the user account creation needs to change the permissions on the home directory it just created. Thats when I get a permission denied error. Thats using cacls.exe or using the GUI. Even tho administrator is the owner, he cannot change the grp or add another user etc. getfacl/setfacl -rw-r--r--1 root root0 May 27 13:23 crap [EMAIL PROTECTED] 2005]# getfacl crap # file: crap # owner: root # group: root user::rw- group::r-- other::r-- [EMAIL PROTECTED] 2005]# setfacl -m crap -R group:students:rwx setfacl: Option -m: Invalid argument near character 1 If I chown Administrator:Domain Users crap I can see the file, but as stated before, cannot change the permissions. Is this an ACL/FileSystem issue? Or something else? Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 21:37 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 17.46 skrev John H Terpstra: The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Yea! Furthermore, Ross will have to reboot the server after using vi, since an unmount/mount will not be possible. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Hi, No reboot required. Just a mount -o remount /export/1 Best regards, Bruno Guerreiro -Original Message- From: Ross McInnes [mailto:[EMAIL PROTECTED] Sent: terça-feira, 31 de Maio de 2005 11:47 To: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue Heh ok im now very very confused. Ill re state my problem, and then can someone tell me if its an ACL issue or not :) Basically I have a w2k3 domain, and samba 3.0.14a Member service. Samba is basically a FileStore. Its all configured fine (i.e I can log onto the w2k3 domain, and map my home drive to samba nps) User accounts have to be managed/create on windows (since doing it on the *nix machine just doesn't work, cant set homedir, if its enabled etc) Problem is that the script that does the user account creation needs to change the permissions on the home directory it just created. That's when I get a permission denied error. That's using cacls.exe or using the GUI. Even tho administrator is the owner, he cannot change the grp or add another user etc. getfacl/setfacl -rw-r--r--1 root root0 May 27 13:23 crap [EMAIL PROTECTED] 2005]# getfacl crap # file: crap # owner: root # group: root user::rw- group::r-- other::r-- [EMAIL PROTECTED] 2005]# setfacl -m crap -R group:students:rwx setfacl: Option -m: Invalid argument near character 1 If I chown Administrator:Domain Users crap I can see the file, but as stated before, cannot change the permissions. Is this an ACL/FileSystem issue? Or something else? Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 21:37 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 17.46 skrev John H Terpstra: The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Yea! Furthermore, Ross will have to reboot the server after using vi, since an unmount/mount will not be possible. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
tir, 31.05.2005 kl. 12.46 skrev Ross McInnes: Heh ok im now very very confused. Ill re state my problem, and then can someone tell me if its an ACL issue or not :) Basically I have a w2k3 domain, and samba 3.0.14a Member service. Samba is basically a FileStore. Its all configured fine (i.e I can log onto the w2k3 domain, and map my home drive to samba nps) User accounts have to be managed/create on windows (since doing it on the *nix machine just doesnt work, cant set homedir, if its enabled etc) Problem is that the script that does the user account creation needs to change the permissions on the home directory it just created. Thats when I get a permission denied error. Thats using cacls.exe or using the GUI. Even tho administrator is the owner, he cannot change the grp or add another user etc. The above's all a bit vague (I don't know why a Samba root preexec script shouldn't do what you want abov); however: getfacl/setfacl -rw-r--r--1 root root0 May 27 13:23 crap [EMAIL PROTECTED] 2005]# getfacl crap # file: crap # owner: root # group: root user::rw- group::r-- other::r-- [EMAIL PROTECTED] 2005]# setfacl -m crap -R group:students:rwx setfacl: Option -m: Invalid argument near character 1 You haven't ACL support on the mounted filesystem. If I chown Administrator:Domain Users crap I can see the file, but as stated before, cannot change the permissions. You could if you did it as the file owner in Windows and the Samba filesystem really had ACL support, since smbd is running as root and Bruno Guerreiro told you how to remount without a reboot. JHT already told you what to change in /etc/fstab. Is this an ACL/FileSystem issue? Or something else? Likely ACL. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Heh ok, just the way things were going I wasnt sure if this was the fix or not. Will try this now. Cheers Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 31 May 2005 12:33 To: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue tir, 31.05.2005 kl. 12.46 skrev Ross McInnes: Heh ok im now very very confused. Ill re state my problem, and then can someone tell me if its an ACL issue or not :) Basically I have a w2k3 domain, and samba 3.0.14a Member service. Samba is basically a FileStore. Its all configured fine (i.e I can log onto the w2k3 domain, and map my home drive to samba nps) User accounts have to be managed/create on windows (since doing it on the *nix machine just doesn?t work, cant set homedir, if its enabled etc) Problem is that the script that does the user account creation needs to change the permissions on the home directory it just created. That?s when I get a permission denied error. That?s using cacls.exe or using the GUI. Even tho administrator is the owner, he cannot change the grp or add another user etc. The above's all a bit vague (I don't know why a Samba root preexec script shouldn't do what you want abov); however: getfacl/setfacl -rw-r--r--1 root root0 May 27 13:23 crap [EMAIL PROTECTED] 2005]# getfacl crap # file: crap # owner: root # group: root user::rw- group::r-- other::r-- [EMAIL PROTECTED] 2005]# setfacl -m crap -R group:students:rwx setfacl: Option -m: Invalid argument near character 1 You haven't ACL support on the mounted filesystem. If I chown Administrator:Domain Users crap I can see the file, but as stated before, cannot change the permissions. You could if you did it as the file owner in Windows and the Samba filesystem really had ACL support, since smbd is running as root and Bruno Guerreiro told you how to remount without a reboot. JHT already told you what to change in /etc/fstab. Is this an ACL/FileSystem issue? Or something else? Likely ACL. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Hi Tonni LABEL=/ / ext3defaults1 1 LABEL=/boot /boot ext3defaults1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/export/1 /export/1 ext3defaults1 2 LABEL=/export/2 /export/2 ext3defaults1 2 none/proc procdefaults0 0 none/dev/shmtmpfs defaults0 0 /dev/sda3 swapswapdefaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0 Thats my fstab Student accounts are on /export/1 Staff on /export/2 Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 15:00 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Windows ACL Issue
Hi Ross: Is the Administrator owner a local admin or a domain admin? (should be a domain admin, as far as I know). Regarding ACL enabled -- can you change the ACLs using setfacl from the unix machine and using windows explorer from a windows machine? Regards, Tom Wolfe -Original Message- From: Ross McInnes Sent: Friday, May 27, 2005 8:49 AM To: samba@lists.samba.org Subject: RE: [Samba] Samba and Windows ACL Issue Hi Tonni LABEL=/ / ext3defaults1 1 LABEL=/boot /boot ext3defaults1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/export/1 /export/1 ext3defaults1 2 LABEL=/export/2 /export/2 ext3defaults1 2 none/proc procdefaults0 0 none/dev/shmtmpfs defaults0 0 /dev/sda3 swapswapdefaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0 Thats my fstab Student accounts are on /export/1 Staff on /export/2 Many thanks Ross -Original Message- From: Tony Earnshaw Sent: 27 May 2005 15:00 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
Ross, The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Cheers, John T. On Friday 27 May 2005 08:48, Ross McInnes wrote: Hi Tonni LABEL=/ / ext3defaults1 1 LABEL=/boot /boot ext3defaults1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/export/1 /export/1 ext3defaults1 2 LABEL=/export/2 /export/2 ext3defaults1 2 none/proc procdefaults0 0 none/dev/shmtmpfs defaults0 0 /dev/sda3 swapswapdefaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0 Thats my fstab Student accounts are on /export/1 Staff on /export/2 Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 15:00 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
John, Why should acl support be needed for a simple owner or group change? Regards, Doug John H Terpstra wrote: Ross, The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Cheers, John T. On Friday 27 May 2005 08:48, Ross McInnes wrote: Hi Tonni LABEL=/ / ext3defaults1 1 LABEL=/boot /boot ext3defaults1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/export/1 /export/1 ext3defaults1 2 LABEL=/export/2 /export/2 ext3defaults1 2 none/proc procdefaults0 0 none/dev/shmtmpfs defaults0 0 /dev/sda3 swapswapdefaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0 That's my fstab Student accounts are on /export/1 Staff on /export/2 Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 15:00 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
Why should acl support be needed for a simple owner or group change? The OP here was dealing with ACL operations, not just a simple file/owner change. Regards, Doug John H Terpstra wrote: Ross, The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Cheers, John T. On Friday 27 May 2005 08:48, Ross McInnes wrote: Hi Tonni LABEL=/ / ext3 defaults1 1 LABEL=/boot /boot ext3 defaults1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/export/1 /export/1 ext3 defaults1 2 LABEL=/export/2 /export/2 ext3 defaults1 2 none/proc proc defaults0 0 none/dev/shmtmpfs defaults0 0 /dev/sda3 swapswap defaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy auto noauto,owner,kudzu 0 0 That's my fstab Student accounts are on /export/1 Staff on /export/2 Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 15:00 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
On Friday 27 May 2005 14:39, Doug VanLeuven wrote: John, Why should acl support be needed for a simple owner or group change? It isn't. I was responding to the matter of ACL's support. You are perfectly correct - ownership management has nothing to do with ACL's per se. But in UNIX only root can change the ownership of a file, unlike Windows, in which the owner can change the ownership of the file (or directory). If you want to make it possible for a user to change file and directory ownership you will need to use the user rights and privileges setting to provide that. The user will need to be given seDiskOperatorPrivilege - and that makes them 'root' for all such operations. - John T. Regards, Doug John H Terpstra wrote: Ross, The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Cheers, John T. On Friday 27 May 2005 08:48, Ross McInnes wrote: Hi Tonni LABEL=/ / ext3defaults1 1 LABEL=/boot /boot ext3defaults 1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/export/1 /export/1 ext3 defaults1 2 LABEL=/export/2 /export/2 ext3defaults1 2 none/proc procdefaults0 0 none/dev/shm tmpfs defaults0 0 /dev/sda3 swap swapdefaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy auto noauto,owner,kudzu 0 0 That's my fstab Student accounts are on /export/1 Staff on /export/2 Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: 27 May 2005 15:00 To: samba@lists.samba.org Subject: Re: [Samba] Samba and Windows ACL Issue fre, 27.05.2005 kl. 15.20 skrev Ross McInnes: Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in the samba howto and read some threads on here about it. Im not sure if this is a bug, something ive not done, doing wrong etc so anyone that could shed some light on it that would be great. Basically the windows box handles all user account processing and during creating a script for all this it will attempt to change the permissions on the HOME directory to the user in question (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E) But I always get Access is denied. Even tho its currently owned by administrator. Trying the manual way, and the ways listed in the offical samba howto guide produces similar results. Sounds as though you don't have POSIX ACLs enabled on the Samba share mount. The only way I can change the owner is to go into linux and use the chown command. After that its set to the correct user and all is well... Except by doing it by hand kinda rains on my lovely automatic user creation script! Samba.log file shows me no errors, as do any of the others. If there a switch/option I need to enable? Below is smb.conf Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode. [...] The OS has ACL support as standard, but it's not enabled by default. What does /etc/fstab look like for the share mount? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfrer Marvin Wiseth: Bergenserne er flinke til gjre mye ut av lite (uttalte seg over 17. mai feiringen ir, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
On Fri, May 27, 2005 at 02:50:30PM -0600, John H Terpstra wrote: On Friday 27 May 2005 14:39, Doug VanLeuven wrote: John, Why should acl support be needed for a simple owner or group change? It isn't. I was responding to the matter of ACL's support. You are perfectly correct - ownership management has nothing to do with ACL's per se. But in UNIX only root can change the ownership of a file, unlike Windows, in which the owner can change the ownership of the file (or directory). If you want to make it possible for a user to change file and directory ownership you will need to use the user rights and privileges setting to provide that. The user will need to be given seDiskOperatorPrivilege - and that makes them 'root' for all such operations. Just an FYI: This is not yet implemented. I think the privilege would be TakeOwnership also. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows ACL Issue
fre, 27.05.2005 kl. 17.46 skrev John H Terpstra: The fstab below shows that your file systems are NOT mounted with ACL support. To gain ACL support you need: 1. A the ACL and EA functionality in the Linux kernel 2. To mount the file systems with ACL and XATTR support 3. Samba compiled and linked with the ACL and XATTR libraries An example fstab entry to mount a file system with ACL and XATTR support is given here: LABEL=/export/1/export/1 ext3defaults,acl,user_xattr 1 2 Yea! Furthermore, Ross will have to reboot the server after using vi, since an unmount/mount will not be possible. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
