LinuxQuestions.org
Old 12-05-2012, 12:15 PM   #1
hampeh
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Rep: Reputation: 0
Problem with permission (setfacl) with samba joining domain


Hi Guys,

It's been a while since I actually posted here to find an answer, as most of the problems that I have faced have solutions. However, I have been searching for this particular problem but I did not get the answer.

Recently one of the clients that I have been working with has decided to install Windows 2008 R2 and have AD run as the master.

I have followed this guide to get Samba to join 2008: http://itscblog.tamu.edu/joining-sam...008-r2-domain/

However, I am having a bit of a problem with the file sharing portion. I have set up multiple folders according to their access, but everyone can just go into other folders even though the setfacl permission is assigned to another group.

samba share config:
Code:
[admin]
   available = yes
   comment = Admin folder
   path = /home/hmm/admin
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+ADM

[CP]
   available = yes
   comment = CP
   path = /home/hmm/cp
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+CP

[CP-PNC]
   available = yes
   comment = CP Private
   path = /home/hmm/cp_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+CPH

[draft]
   available = yes
   comment = draft review
   path = /home/hmm/draft
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+draft

[EHT]
   available = yes
   comment = EHT
   path = /home/hmm/eht
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+EHT

[EHT-PNC]
   available = yes
   comment = EHT private
   path = /home/hmm/eht_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+EHTH

[F.Fighting]
   available = yes
   comment = F.Fighting
   path = /home/hmm/ff
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+FF

[FF-PNC]
   available = yes
   comment = FF Private
   path = /home/hmm/ff_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+FFH

[HSS-PNC]
   available = yes
   comment = HSS
   path = /home/hmm/hss_h
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+HSSH

[Sales]
   available = yes
   comment = Sales
   path = /home/hmm/sales
   writeable = yes
   browseable = yes
   invalid users = root
   create mask = 0660
   directory mask = 0770
   valid users = @DOMAIN+SALES @DOMAIN+HSS liza
Here is the getfacl output:
Code:
[root@linux-fs box1]# getfacl *
# file: admin
# owner: root
# group: root
user::rwx
group::r-x
group:adm:rwx
mask::rwx
other::r-x

# file: cp
# owner: root
# group: root
user::rwx
group::r-x
group:cp:rwx
mask::rwx
other::r-x

# file: cp_h
# owner: root
# group: root
user::rwx
group::r-x
group:cph:rwx
mask::rwx
other::r-x

# file: draft
# owner: root
# group: root
user::rwx
group::r-x
group:draft:rwx
mask::rwx
other::r-x

# file: eht
# owner: root
# group: root
user::rwx
group::r-x
group:eht:rwx
mask::rwx
other::r-x

# file: eht_h
# owner: root
# group: root
user::rwx
group::r-x
group:ehth:rwx
mask::rwx
other::r-x

# file: ff
# owner: root
# group: root
user::rwx
group::r-x
group:ff:rwx
mask::rwx
other::r-x

# file: ff_h
# owner: root
# group: root
user::rwx
group::r-x
group:ffh:rwx
mask::rwx
other::r-x

# file: hss
# owner: root
# group: root
user::rwx
group::r-x
group:hss:rwx
mask::rwx
other::r-x

# file: hss_h
# owner: root
# group: root
user::rwx
group::r-x
group:hssh:rwx
mask::rwx
other::r-x

# file: sales
# owner: root
# group: root
user::rwx
group::r-x
group:sales:rwx
group:hss:rwx
mask::rwx
other::r-x
At first I suspected it was because of the permission other::r-x, but the group that does not have access has the ability to actually write to the folder.

Can anyone advise if I am missing any steps on this and how to fix it?

Thanks!
 
Old 12-07-2012, 03:31 AM   #2
adol83
Member
 
Registered: Jul 2012
Location: Rome
Distribution: RHEL6, CentOs
Posts: 92

Rep: Reputation: 1
When you access the directory via the network, what user do you type for the directory?
 
Old 12-07-2012, 05:02 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Look at the "other" entry. It allows access to any user to enter directories.
 
Old 12-07-2012, 06:05 PM   #4
hampeh
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora, slackware
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks guys. I have found the issue, as jschiwal says.

What I have done is chmod 700 *, and reset the ACL again.
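
An added example, not part of any post above: a shell function that scans `getfacl` output for directories whose `other::` entry still grants access (the condition post #3 points to), plus a helper that prints the fix from post #4. The function names and the `locked` sample directory are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Constructed sample in the format of the getfacl output posted above
# (owner/group header lines trimmed; "locked" is a made-up fixed directory).
sample_acl() {
cat <<'EOF'
# file: admin
user::rwx
group::r-x
group:adm:rwx
mask::rwx
other::r-x

# file: sales
user::rwx
group::r-x
group:sales:rwx
group:hss:rwx
mask::rwx
other::r-x

# file: locked
user::rwx
group::---
group:adm:rwx
mask::rwx
other::---
EOF
}

# Reads getfacl text on stdin; prints "<path> <other-perms> <named groups>"
# for every entry whose other:: permissions are anything but "---".
audit_other() {
  awk '
    /^# file: /     { path = substr($0, 9); groups = ""; next }
    /^group:[^:]+:/ { split($0, f, ":"); groups = groups (groups ? "," : "") f[2]; next }
    /^other::/      { perms = substr($0, 8, 3)
                      if (perms != "---") print path, perms, groups }
  '
}

# Prints (does not run) the fix from post #4 for one directory and group.
# With an ACL present, chmod's group bits set the mask, so chmod 700 leaves
# mask::--- until setfacl -m recalculates it: hence "reset the ACL again".
fix_commands() {  # $1 = directory, $2 = group
  printf 'chmod 700 %s\nsetfacl -m g:%s:rwx %s\n' "$1" "$2" "$1"
}

sample_acl | audit_other
```

On a live server the input would come from `getfacl /home/hmm/* | audit_other`; any directory it lists can be entered and read by accounts outside the named groups.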
 
  

