smbcacl doesn't work for me
Hi, I share an XFS-volume via samba 2.2.4. fetching the acls works like the following for me: hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan Password: REVISION:1 OWNER:TOGO\hzbogdan GROUP:TOGO\users ACL:TOGO\hzbogdan:ALLOWED//RW ACL:TOGO\users:ALLOWED//R ACL:\Everyone:ALLOWED//R - When I try to set - or rather modify - the Acl for the group "users", I get strange results: - hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan -M ACL:TOGO\users:0/0/W Password: Failed to parse ACL ACL:TOGOusers Using various substitutions for type/flags/mask Values didn't get better results. Could someone provide some help? Thanks z. Zoltan Bogdan Zoltan Bogdan - Linux SystemIntegration Kreutzerstr. 71 D-90439 Nürnberg Tel. +49 (0)911 929 191 25 Fax +49 (0)911 929 191 26 Mobil +49 (0)175 521 705 4 [EMAIL PROTECTED]
PS: smbcacl doesn't work for me
Am Don, 2002-10-03 um 23.43 schrieb Zoltan Bogdan: Hi, I share an XFS-volume via samba 2.2.4. fetching the acls works like the following for me: hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan Password: REVISION:1 OWNER:TOGO\hzbogdan GROUP:TOGO\users ACL:TOGO\hzbogdan:ALLOWED//RW ACL:TOGO\users:ALLOWED//R ACL:\Everyone:ALLOWED//R - When I try to set - or rather modify - the Acl for the group "users", I get strange results: - hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan -M ACL:TOGO\users:0/0/W Password: Failed to parse ACL ACL:TOGOusers Using various substitutions for type/flags/mask Values didn't get better results. Could someone provide some help? Meanwhile I updated to v2.2.5. I realized that I need to provide the arguments in numeric form. While this command fails: linux:/data # smbcacls //linux/testXFS test -U TESTNET/testuser -M ACL:TESTNET\testuser:0/0/RWX This one works: linux:/data # smbcacls //linux/testXFS test -U TESTNET/testuser \ -M ACL:S-1-5-21-3184567151-898596407-368155116-1201:0/0/0x001f01ff Have I missed something in my configuration or isn't this implemented yet? If the later is true, could someone provide me with the hex representation of the NT-acls given in the manpage of "smbcacls". My config looks like that right now: # Samba config file created using SWAT # Date: 2002/10/03 10:47:03 # Global parameters [global] workgroup = TESTNET encrypt passwords = Yes log level =3 time server = Yes unix extensions = Yes socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY printcap name = CUPS character set = ISO8859-15 domain logons = Yes os level = 2 wins support = Yes printing = cups veto files = /*.eml/*.nws/riched20.dll/*.{*}/ [homes] comment = Home Directories valid users = %S read only = No create mask = 0640 directory mask = 0750 browseable = No [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 [testXFS] path = /data inherit permissions = Yes inherit acls = Yes nt acl support = Yes Thanks z. Zoltan Bogdan Zoltan Bogdan - Linux SystemIntegration Kreutzerstr. 71 D-90439 Nürnberg Tel. +49 (0)911 929 191 25 Fax +49 (0)911 929 191 26 Mobil +49 (0)175 521 705 4 [EMAIL PROTECTED]
Re: PS: smbcacl doesn't work for me
Am Fre, 2002-10-04 um 18.57 schrieb Steve Langasek: On Fri, Oct 04, 2002 at 06:48:55PM +0200, Zoltan Bogdan wrote: > Am Don, 2002-10-03 um 23.43 schrieb Zoltan Bogdan: > Hi, > I share an XFS-volume via samba 2.2.4. > fetching the acls works like the following for me: > > hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan > Password: > REVISION:1 > OWNER:TOGO\hzbogdan > GROUP:TOGO\users > ACL:TOGO\hzbogdan:ALLOWED//RW > ACL:TOGO\users:ALLOWED//R > ACL:\Everyone:ALLOWED//R > - > When I try to set - or rather modify - the Acl for the group > "users", I get strange results: > - > hermes:/secrets # smbcacls //hermes/xfs-share test -U TOGO/hzbogdan > -M ACL:TOGO\users:0/0/W > Password: > Failed to parse ACL ACL:TOGOusers > > Using various substitutions for type/flags/mask Values didn't get > better results. > Could someone provide some help? You haven't escaped your strings to make them shell-safe. The shell eats the backslash, and smbcacls only sees 'ACL:TOGOusers' instead of 'ACL:TOGO\users'. I also don't know for sure if names in ACLs are supported by smbcacls in 2.2. If so, you definitely need to handle that backslash: smbcacls //hermes/xfs-share test -U TOGO/hzbogdan -M ACL:TOGO\\users:0/0/W or smbcacls //hermes/xfs-share test -U TOGO/hzbogdan -M 'ACL:TOGO\users:0/0/W' HTH, Steve Langasek postmodern programmer Hi Steve, thanks for your hint. Not escaping special characters is a quite silly fault and i'm a little embarrassed. Unfortunately escaping didn't work either - so you're probably right assuming that names are not supported. Do you know where I get the hex code for the NT-ACLs ? Here's another strange thing I expierienced playing arround with smbcacls: The output calling smbacls locally is different from the output I get if I call it in an ssh session: locally: - linux:/data # smbcacls //linux/testXFS test -U TESTNET/testuser -M ACL:TESTNET\\users:0/0/RW lsa_io_sec_qos: length c does not match size 8 Failed to parse ACL ACL:TESTNET\users remote: - linux:/data # smbcacls //linux/testXFS test -U TESTNET/testuser -A ACL:TESTNET\\users:0/0/RW Failed to parse security descriptor - bye z. Zoltan Bogdan Zoltan Bogdan - Linux SystemIntegration Kreutzerstr. 71 D-90439 Nürnberg Tel. +49 (0)911 929 191 25 Fax +49 (0)911 929 191 26 Mobil +49 (0)175 521 705 4 [EMAIL PROTECTED]