LinuxQuestions.org
Old 01-28-2011, 10:25 AM   #1
bobbywan
LQ Newbie
 
Registered: Jan 2011
Location: Lille, France
Posts: 4

Rep: Reputation: 0
Issue with ACL on SaMBa server (Debian Lenny)


Hello all,

I've just noticed a huge issue on my company SaMBa server: ACLs which were working fine don't work anymore and I can't figure out why.

Read access is always working for 'other' whereas other access is 000

Here is my smb.conf:

Code:
[global]

        netbios name= myserver
        workgroup = mydomain
        server string = myserver
#--------------------config PDC-----------------------# 
        domain master = Yes
        local master = Yes
        domain logons = Yes
        os level = 40

        ldap passwd sync = Yes
        security = user
        encrypt passwords = true
        passdb backend = ldapsam:ldap://127.0.0.1/
        ldap admin dn = cn=admin,dc=mycompany,dc=com
        ldap suffix = dc=mycompany,dc=com
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Machines
        ldap delete dn = Yes

        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        #delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

        logon path = \\%L\profile\%U
        logon drive = U:
        logon home = \\%L\%U
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        case sensitive = No
        default case = lower
        preserve case = yes
        short preserve case = Yes

[partage]
        writeable = yes
        admin users = @admingroup,@staffgroup
        path = /home/partage
        comment = partage
        valid users = @bossgroup,@admingroup,@gamegroup,@devgroup,@graphismegroup,@staffgroup,@comgroup,@seriousgroup,@leelhgroup
        profile acls = yes
        inherit permissions = yes
        inherit acls = yes
        map acl inherit = yes

When I do ls -al in /home/partage, here is what I get:
Code:
drwxrwx---+ 16 root admingroup       4096 jan 28 15:09 .
drwxr-xr-x  20 root root             4096 jan 26 14:39 ..
drwxrwx---+ 19 sha  staffgroup       4096 jan 26 09:26 3dduo_staff
----------   1 root root                0 déc 16 10:12 autorun.inf
drwxrwx---+ 13 sha  admingroup       4096 aoû 11 00:36 demos
-rwxrwxr-x+  1 root staffgroup      15364 jan 20 18:28 .DS_Store
drwxrwx---+  9 sha  commercialgroup  4096 oct 21 19:19 pole_commercial
drwxrwx---+ 31 sha  comgroup         4096 jan 28 10:26 pole_communication
drwxrwx---+  4 sha  admingroup       4096 aoû 10 22:11 pole_community_management
drwxrwx---+ 17 sha  devgroup         4096 jan  7 17:01 pole_dev
drwxrwx---+ 11 sha  gamegroup        4096 déc 15 19:01 pole_game_design
drwxrwx---+ 17 sha  commercialgroup  4096 jan 25 09:53 pole_gestion_projet
drwxrwx---+ 13 sha  graphismegroup   4096 jan  4 11:06 pole_graphisme
drwxrwx---+  8 root admingroup       4096 jan  6 17:15 pole_reseaux
drwxrwxrwx+  6 root staffgroup       4096 jan  3 16:54 pole_RH
drwxrwx---+ 29 sha  staffgroup       4096 jan 25 18:38 projets
drwxrwx---+ 57 sha  admingroup       4096 déc 13 10:24 projets_finis
drwxrwxr-x+  2 root graphismegroup   4096 jan  4 15:48 Recycled

And a getfacl for a random folder which should be readable only by its group:

Code:
# file: pole_reseaux/
# owner: root
# group: admingroup
user::rwx
group::rwx
group:admingroup:rwx
mask::rwx
other::---

Also, when I do ps aux | grep smb, all process users are 'root', whereas before there were LDAP users.

Thanks in advance for your help
 
Old 01-28-2011, 10:35 AM   #2
bobbywan
LQ Newbie
 
Registered: Jan 2011
Location: Lille, France
Posts: 4

Original Poster
Rep: Reputation: 0
I just noticed something more I hadn't seen before posting: the line admin users = @admingroup,@staffgroup may explain the behaviour of the ACLs because everybody in the company is in this group. However, when I remove it, nobody in staffgroup can access partage, so it's quite a problem.

If my permission issue comes from this, I think I'm gonna kill the one who did this, even if he is not in the company anymore.

Last edited by bobbywan; 01-28-2011 at 11:02 AM.
 
Old 01-28-2011, 11:11 AM   #3
bobbywan
LQ Newbie
 
Registered: Jan 2011
Location: Lille, France
Posts: 4

Original Poster
Rep: Reputation: 0
OK, I solved it: I had put 770 rights on partage, that's why Windows users couldn't mount it, and ACLs are fine now \o/

I'm on my way to kill my former trainee

Last edited by bobbywan; 01-28-2011 at 11:13 AM.
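
An added example, not part of the original thread: Samba performs all file operations for anyone listed in `admin users` as root, so POSIX ACLs such as `other::---` are never evaluated for them, which matches the symptoms in post #1. The audit below flags such shares; the function names and the `[clean]` share are hypothetical, and user lists are assumed to contain no quoted names with spaces.

```python
import re

# Constructed sample: a shortened [partage] share from the thread plus a
# hypothetical [clean] share without "admin users" for contrast.
SAMPLE_SMB_CONF = """
[partage]
        path = /home/partage
        admin users = @admingroup,@staffgroup
        valid users = @bossgroup,@admingroup,@devgroup,@staffgroup
[clean]
        path = /srv/clean
        valid users = @devgroup
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # values may contain '=' or ':'
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def name_list(value):
    return [n for n in re.split(r"[,\s]+", value or "") if n]

def audit_admin_users(text):
    """List shares where 'admin users' maps principals to root.

    root_mapped_valid_users holds entries that are both allowed to connect
    and run as root, so filesystem ACLs never restrict them.
    """
    findings = []
    for share, params in parse_smb_conf(text).items():
        admins = name_list(params.get("admin users"))
        if not admins:
            continue
        valid = set(name_list(params.get("valid users")))
        findings.append({
            "share": share,
            "admin_groups": [a for a in admins if a[0] in "@+&"],
            "root_mapped_valid_users": sorted(valid & set(admins)),
        })
    return findings

if __name__ == "__main__":
    print(audit_admin_users(SAMPLE_SMB_CONF))
```
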
 
  

