LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 12-05-2012, 12:15 PM   #1
hampeh
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Rep: Reputation: 0
Problem with permission (setfacl) with samba joining domain


Hi Guys,

Its been a while that i actually post here to find answer as most of the problem that i faced have the solutions. However i have been searching for this particular problem but i did not get the answer.

Recently one of the clients that i have been working have decided to installed Windows 2008r2 and have AD runs as the master.

I have followed this guide to get samba to join 2008 http://itscblog.tamu.edu/joining-sam...008-r2-domain/

However i am having a bit of problem with the file sharing portion. I have setup multiple folder according to their access, but everyone can just go into other folder eventhough setfacl permission is assigned to another group.

samba share config:
Code:
[admin]
   available = yes
   comment = Admin folder
   path = /home/hmm/admin
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+ADM

[CP]
   available = yes
   comment = CP
   path = /home/hmm/cp
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+CP

[CP-PNC]
   available = yes
   comment = CP Private
   path = /home/hmm/cp_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+CPH

[draft]
   available = yes
   comment = draft review
   path = /home/hmm/draft
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+draft

[EHT]
   available = yes
   comment = EHT
   path = /home/hmm/eht
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+EHT

[EHT-PNC]
   available = yes
   comment = EHT private
   path = /home/hmm/eht_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+EHTH

[F.Fighting]
   available = yes
   comment = F.Fighting
   path = /home/hmm/ff
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+FF

[FF-PNC]
   available = yes
   comment = FF Private
   path = /home/hmm/ff_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+FFH

[HSS-PNC]
   available = yes
   comment = HSS
   path = /home/hmm/hss_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+HSSH

[Sales]
   available = yes
   comment = Sales
   path = /home/hmm/sales
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+SALES @DOMAIN+HSS liza
Here is the getfacl output:
Code:
[root@linux-fs box1]# getfacl *
# file: admin
# owner: root
# group: root
user::rwx
group::r-x
group:adm:rwx
mask::rwx
other::r-x

# file: cp
# owner: root
# group: root
user::rwx
group::r-x
group:cp:rwx
mask::rwx
other::r-x

# file: cp_h
# owner: root
# group: root
user::rwx
group::r-x
group:cph:rwx
mask::rwx
other::r-x

# file: draft
# owner: root
# group: root
user::rwx
group::r-x
group:draft:rwx
mask::rwx
other::r-x

# file: eht
# owner: root
# group: root
user::rwx
group::r-x
group:eht:rwx
mask::rwx
other::r-x

# file: eht_h
# owner: root
# group: root
user::rwx
group::r-x
group:ehth:rwx
mask::rwx
other::r-x

# file: ff
# owner: root
# group: root
user::rwx
group::r-x
group:ff:rwx
mask::rwx
other::r-x

# file: ff_h
# owner: root
# group: root
user::rwx
group::r-x
group:ffh:rwx
mask::rwx
other::r-x

# file: hss
# owner: root
# group: root
user::rwx
group::r-x
group:hss:rwx
mask::rwx
other::r-x

# file: hss_h
# owner: root
# group: root
user::rwx
group::r-x
group:hssh:rwx
mask::rwx
other::r-x

# file: sales
# owner: root
# group: root
user::rwx
group::r-x
group:sales:rwx
group:hss:rwx
mask::rwx
other::r-x
at first I am suspecting is because of the permission other::r-x, but the group that does not have access have the ability to actually write on the folder.

Anyone can advice if I am missing any steps on this and how to fix it.

Thanks!
 
Old 12-07-2012, 03:31 AM   #2
adol83
Member
 
Registered: Jul 2012
Location: Rome
Distribution: RHEL6, CentOs
Posts: 92

Rep: Reputation: 1
When you access the directory via net, what user you type on the directory?
 
Old 12-07-2012, 05:02 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Look at the "other" entry. It allows access to any user to enter directories.
 
Old 12-07-2012, 06:05 PM   #4
hampeh
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Original Poster
Rep: Reputation: 0
thanks guys. I have found the issues as what jschiwal says.

What i have done is chmod 700 *, and reset the acl again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] samba: after joining the domain the server loose the domain controller r_ramp Linux - Server 1 05-09-2012 07:12 AM
Samba Ldap problem when joining Windows to the domain psychiczero Linux - Software 0 12-20-2010 02:54 AM
joining a samba domain ikw38 Linux - Networking 20 09-22-2009 11:14 PM
system-config-samba problem after joining Windows 2003 domain Joe Donner Red Hat 3 06-21-2006 03:35 PM
Joining a machine from another domain to my linux samba domain acummins Linux - Networking 0 09-13-2003 07:07 AM


All times are GMT -5. The time now is 07:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration