FedoraThis forum is for the discussion of the Fedora Project.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am able to do login authentication from Active directory (W2k server) on Fedora Core3 using Samba 3.0.14a.
Now I want set linux share permissions using Windows ACLs. In samba documentation its mentioned that it requires POSIX support and its not included in most of the distributions by default. My question is:
- How to know if POSIX ACL support is available? Through which commands or configuration checking?
- Is Fedora Core3 POSIX support by default? If no, then how to patch it?
Apparent from the samba documentation it seems that if POSIX support is enabled then setting share permissions is no more that simply using the Computer Management Console. I am wondering if it will be so simple after POSIX (and It will be quite relief if it is so! )
Posix ACL is enable in fc3. you can try the command with getfacl directory/filename
I have been having this problem for the past 2 -3 weeks to set permission for samba user, try to search for more info about it.... i have finally rule out that eventhough with POSIX ACL you cant do exactly like Win ACL. this is due to the rwx permission in unix.
for example if you allow the user to edit/write and disable delete.. this option is only available in windows. As for samba, this particular permission could not be use because of the unix rwx permission, but if you just want to use as basic configuration that it is not a problem.
you can use your computer management console to connect to the samba server, but the permission is limited, and dont expect it to work exactly like windows.
Originally posted by hampeh Posix ACL is enable in fc3. you can try the command with getfacl directory/filename
I have been having this problem for the past 2 -3 weeks to set permission for samba user, try to search for more info about it.... i have finally rule out that eventhough with POSIX ACL you cant do exactly like Win ACL. this is due to the rwx permission in unix.
for example if you allow the user to edit/write and disable delete.. this option is only available in windows. As for samba, this particular permission could not be use because of the unix rwx permission, but if you just want to use as basic configuration that it is not a problem.
you can use your computer management console to connect to the samba server, but the permission is limited, and dont expect it to work exactly like windows.
hope this helps.
Thanks for your reply. Can you please provide some more information about the steps to access windows shares from Linux for setting ACLs, and any other related configuration to enale Samba using ACls?
I have all directories mounted under same partition, with ACL not enabled on the partition. I found this article http://www.vanemery.com/Linux/ACL/linux-acl.html to enable ACL on partitions. I didn't enabled ACL on the existing FC3 partition to avoid risk of blocked booting. Instead, I installed a new CentOS Linux distribution with "/home" on a separate partition, and remounted the partition wit ACL support according to steps in the above mentioned article.
After these steps, I am able to set ACLs on linux using setfacl commands, but still, Windows is not able to set any share permissions. When I try to set permissions from windows, access is denied while saving the permissions.
I will appreciate a lot if you can share the procedure that you followed for conifguration of Windws based ACLs .
Also, its not possible to create a new share on Linux using Computer Management Console from Windows. I also observed that despite I have also set "root = administrator" in smbusers file on linux, if I login as domain administrator on Linux box, I donot have all root rights. Do I need to do something more to enable domain Administrator user to gain equual rights of the root user?
for example if you like to share your /home partition.
the config should like this:
LABEL=/home /home ext3 defaults 1 2
replace to
LABEL=/home /home ext3 rw,acl 1 2
then reboot your system (i reboot the system), or you can mount it with mount -v -o partition.
#Make sure, that your samba is running and you are able to log in into it. if not set your smbpasswd -a username.
When login click your under system maintenance i think, cant really remember it. connect the computer management to your samba server, then you may edit the ACL from windows.
Thanks for your response. I already made the change in fstab file and rebooted the system. After that I was able to set ACLs on Linux using setfacl commands, but not from windows.
Samba is running, and configured for active directory authentication, as I am able to login using active directory account on the linux box.
But as I mentioned in my last post, as I think, the windows' administrator user should have root rights on linux, but when I log in using windows administrator's account on Linux, it does not has root rights. And perhaps for the same reason it does not allow form the windows Computer Management Console to change ACL?
You can use samba administration user, as for me i add another user using the login Admin. To login make sure that you are connected to the domain to make the changes. You can't edit it if your windows client is not logged in the domain.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.