LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 12-17-2011, 02:19 AM   #1
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Rep: Reputation: 18
problem with samba and ACL ,ACL does not work as I want


hello
I have a share folder in samba server called Commercial which it has some sub directories as:
Quote:
Commercial/International/NewRequest/
and I have a user, "dan", which I want it to have these permissions to this hierarchy:
Quote:
Commercial/:can read the content but does not have permission to change any thing or delete or add any new folder
Commercial/International/:can read the content but does not have permission to change any thing or delete or add any new folder
Commercial/International/NewRequest/:has full permission to do anything he wants here
my configurations is as follows:
Quote:
cat /etc/samba/smb.conf
[global]
workgroup = DM-DOMAIN
netbios name = DM
server string = DM File Server
enable privileges = yes
interfaces = lo,eth0,eth1,eth2
bind interfaces only = Yes
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi
ldap ssl = Off
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
vfs objects = full_audit
full_audit:success = connect opendir open disconnect unlink mkdir rmdir rename
full_audit:failure = none
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
wins support = Yes
dns proxy = Yes
ldap suffix = dc=DM,dc=DM,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=ebox,dc=DM,dc=DM,dc=com
map acl inherit = Yes
printing = cups

[Commercial]
comment = Commercial
path = /home/samba/shares/Commercial
valid users = "mak", "dan", @"Commercial", @"Managers"
read list = "mak", "dan"
write list = @"Commercial"
admin users = @"Managers"
read only = No
browseable = Yes
force create mode = 0440
force directory mode = 0660
vfs objects = full_audit recycle
recycle: versions = Yes
recycle: repository = /home/.Recycles/%U/%I_%S_%T_RecycleBin
recycle: keeptree = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: directory_mode = 0700
and fstab:
Quote:
root@DM:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc nodev,noexec,nosuid 0 0
/dev/mapper/isw_jaccaghaj_DM1 / ext4 errors=remount-ro,usrquota,grpquota,acl 0 1
/dev/mapper/isw_jaccaghaj_DM5 none swap sw 0 0
and acl configuration:
Code:
root@DM:/home/samba/shares# getfacl -e Commercial/
# file: Commercial/
# owner: ebox
# group: __USERS__
user::rw-
user:dan:r-x                    #effective:r-x
group::r-x                      #effective:r-x
group:Commercial:rwx            #effective:rwx
mask::rwx
other::---
default:user::rw-
default:user:dan:rwx            #effective:rwx
default:group::r-x              #effective:r-x
default:group:Commercial:rwx    #effective:rwx
default:mask::rwx
default:other::---

root@DM:/home/samba/shares# getfacl -e Commercial/International/
# file: Commercial/International/
# owner: dan
# group: __USERS__
user::r-x
user:dan:r-x                    #effective:r-x
group::rwx                      #effective:rwx
group:Commercial:rwx            #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:dan:rwx            #effective:rwx
default:group::rwx              #effective:rwx
default:group:Commercial:rwx    #effective:rwx
default:mask::rwx
default:other::---

root@DM:/home/samba/shares# getfacl -e Commercial/International/NewRequest/
# file: Commercial/International/NewRequest/
# owner: root
# group: __USERS__
user::rwx
user:dan:rwx                    #effective:rwx
group::rwx                      #effective:rwx
group:Commercial:rwx            #effective:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:dan:rwx            #effective:rwx
default:group::rwx              #effective:rwx
default:group:Commercial:rwx    #effective:rwx
default:mask::rwx
default:other::rwx
as you can see acl is enable for my file system.
my problem is dan user can not write in Commercial/International/NewRequest/ as I want it can read this folder but can not make any folder or new file in it.
what do I miss ? what is the problem?
 
Old 12-18-2011, 09:18 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,195

Rep: Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284
Quote:
Originally Posted by golden_boy615 View Post
what do I miss ? what is the problem?
Look in /var/log/samba/log.*
Are you getting any errors logged?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why does the ACL of a file created under a directory differ from the default ACL sctebnt Linux - Security 5 12-02-2011 08:13 AM
Samba upgrade to 3.5.2 getting ACL to work Fooshnik Linux - Server 3 05-06-2010 07:28 AM
Basic Samba+ACL set-up doesn't work Klausmedk Linux - Software 7 03-21-2009 03:56 PM
iptables acl versus cisco acl id_viorel Linux - Security 1 04-09-2008 05:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration