hello
I have a shared folder on a Samba server called Commercial, which has some subdirectories:
Quote:
Commercial/International/NewRequest/
and I have a user,
"dan", who should have these permissions on this hierarchy:
Quote:
Commercial/: can read the content but has no permission to change or delete anything or to add any new folder
Commercial/International/: can read the content but has no permission to change or delete anything or to add any new folder
Commercial/International/NewRequest/: has full permission to do anything he wants here
my configuration is as follows:
Quote:
cat /etc/samba/smb.conf
# Server-wide settings; individual shares may override them.
[global]
workgroup = DM-DOMAIN
netbios name = DM
server string = DM File Server
enable privileges = yes
# Listen only on the interfaces named here.
interfaces = lo,eth0,eth1,eth2
bind interfaces only = Yes
# Accounts come from LDAP through ldapi://; the URL-encoded path decodes to
# /var/run/slapd/ldapi, i.e. a local UNIX socket rather than a network port.
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi
# No TLS on the LDAP connection. With the local socket above the traffic stays
# on this host. NOTE(review): revisit this if the backend is ever pointed at a
# network ldap:// URL, because the bind would then be sent unencrypted.
ldap ssl = Off
log level = 1
syslog = 0
# %m is the client machine name, so each client gets its own log file.
log file = /var/log/samba/%m
max log size = 50
# Audit module loaded for every share that does not set its own "vfs objects".
vfs objects = full_audit
full_audit:success = connect opendir open disconnect unlink mkdir rmdir rename
# Failed operations are not audited, so a refused mkdir or open leaves no
# full_audit record. NOTE(review): consider logging failures for the same
# operations, at least while troubleshooting an access problem.
full_audit:failure = none
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
wins support = Yes
dns proxy = Yes
ldap suffix = dc=DM,dc=DM,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# DN that Samba binds as when it talks to the directory.
ldap admin dn = cn=ebox,dc=DM,dc=DM,dc=com
map acl inherit = Yes
printing = cups
# Share definition for /home/samba/shares/Commercial. The access lists below
# apply to the whole share, not to individual subdirectories.
[Commercial]
comment = Commercial
path = /home/samba/shares/Commercial
# Only these users and group members may connect to the share at all.
valid users = "mak", "dan", @"Commercial", @"Managers"
# Per smb.conf(5), users on "read list" get read-only access to the service
# no matter what "read only" is set to. "dan" is listed, so Samba refuses his
# writes everywhere under this path, NewRequest included, regardless of the
# filesystem ACLs.
read list = "mak", "dan"
# Members of @Commercial get write access; a user matched by both lists is
# given write access. NOTE(review): whether dan belongs to that group is not
# shown here; confirm.
write list = @"Commercial"
# Members of @Managers perform all file operations on this share as root, so
# the POSIX ACLs do not restrict them. NOTE(review): keep this group minimal.
admin users = @"Managers"
read only = No
browseable = Yes
# Both "force" modes are OR-ed into the permission bits of whatever Samba
# creates. 0660 adds no execute (search) bit, so whether new directories can
# be traversed depends on the other mode settings and the default ACLs.
force create mode = 0440
force directory mode = 0660
# Replaces the global "vfs objects" line for this share: auditing plus a
# recycle bin.
vfs objects = full_audit recycle
recycle: versions = Yes
# Deleted files are moved here instead of being removed. %U is the session
# user name, %I the client IP address, %S the share name, %T the date and time.
recycle: repository = /home/.Recycles/%U/%I_%S_%T_RecycleBin
recycle: keeptree = Yes
recycle: excludedir = /tmp|/var/tmp
# Recycle directories are created accessible to their owner only.
recycle: directory_mode = 0700
and fstab:
Quote:
root@DM:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc nodev,noexec,nosuid 0 0
# Root filesystem: mounted with the acl option (POSIX ACLs) and with user and
# group quotas. No separate entry for /home appears in this table, so
# /home/samba/shares would be on this filesystem as far as the listing shows.
/dev/mapper/isw_jaccaghaj_DM1 / ext4 errors=remount-ro,usrquota,grpquota,acl 0 1
/dev/mapper/isw_jaccaghaj_DM5 none swap sw 0 0
and acl configuration:
Code:
root@DM:/home/samba/shares# getfacl -e Commercial/
# file: Commercial/
# owner: ebox
# group: __USERS__
user::rw-
user:dan:r-x #effective:r-x
group::r-x #effective:r-x
group:Commercial:rwx #effective:rwx
mask::rwx
other::---
default:user::rw-
default:user:dan:rwx #effective:rwx
default:group::r-x #effective:r-x
default:group:Commercial:rwx #effective:rwx
default:mask::rwx
default:other::---
root@DM:/home/samba/shares# getfacl -e Commercial/International/
# file: Commercial/International/
# owner: dan
# group: __USERS__
user::r-x
user:dan:r-x #effective:r-x
group::rwx #effective:rwx
group:Commercial:rwx #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:dan:rwx #effective:rwx
default:group::rwx #effective:rwx
default:group:Commercial:rwx #effective:rwx
default:mask::rwx
default:other::---
root@DM:/home/samba/shares# getfacl -e Commercial/International/NewRequest/
# file: Commercial/International/NewRequest/
# owner: root
# group: __USERS__
user::rwx
user:dan:rwx #effective:rwx
group::rwx #effective:rwx
group:Commercial:rwx #effective:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:dan:rwx #effective:rwx
default:group::rwx #effective:rwx
default:group:Commercial:rwx #effective:rwx
default:mask::rwx
default:other::rwx
As you can see, ACLs are enabled on my file system.
My problem is that the user dan cannot write in
Commercial/International/NewRequest/ as I want: he can read this folder but cannot create any folder or new file in it.
What am I missing? What is the problem?