Re: ACLS without winbind (but WITH correct user mapping)

[Colin Fowler <cfowler@xxxxxxxxxxx>]

On 22/06/12 12:22, steve wrote:
> On 22/06/12 12:50, Colin Fowler wrote:
> > On 22/06/12 11:46, steve wrote:
> > > On 22/06/12 11:41, Colin Fowler wrote:
> > > > On 21/06/12 17:50, Jeremy Allison wrote:
> > > > > On Thu, Jun 21, 2012 at 05:50:45PM +0100, Colin Fowler wrote:
> > >
> > > > Am I corect in thinking that this is something that would be 
> > > > desireable
> > > > for others and not just me and my rather oddball configuration? For
> > > > people using standalone servers, NSS/LDAP etc and any other places 
> > > > where
> > > > winbind is not used, this would be a rather useful feature, no?
> > >
> > > Hi Colin, Hi Jeremy
> > > I don't think it's so oddball. We also use nss for our rfc2307
> > > mappings from the S4 directory for Linux clients joined to the domain.
> > > It works perfectly via NFS to Linux but acls on shares on s3fs between
> > > Linux and windows are not quite right.
> > >
> > > Colin: Are you talking about setting an acl on windows and it being
> > > honoured by Linux and vica versa?
> > >
> > > Jeremy: are you saying that acl mappings 'both ways' only work with
> > > winbind?
> > >
> > > If so, a big +1 from me to get the 'both' ways working. Very
> > > desirable. Maybe this will get easier when we can put stuff like
> > > create mode= and force group= in smb.conf.
> > >
> > > Cheers,
> > > Steve
> >
> > Hi Steve, yes, I'd like users to be able to set an ACL in Windows for a
> > domain user and for it to be honoured in Linux for the mapped Unix user.
> > Currently if I set an ACL in Linux for the Unix user, it actually
> > appears correctly in the security dialog box on windows. I just can't
> > set a new ACL from Windows.
> >
> > regards,
> > Colin
> Hi Colin
> That's interesting. I have a bugzilla open on something similar:
>
> https://bugzilla.samba.org/show_bug.cgi?id=8938
>
> So, when a user creates a file, e.g. in his home folder in windows, do 
> the acl and permissions appear correct back on the fileserver or when 
> the same file is viewed on a Linux client?
>
> Cheers,
> Steve


Hi Steve, I'm running Samba 3.6.5 currently, not 4.0 and I'm running 
without winbind· When a user in windows (DOMAIN\bob) creates a file, it 
appears on linux as owned by the unix user bob. There's no acls on the 
file, just a file with the ownerships of bob and bob's primary group 
(staff). If on Linux I add an ACL for the user tom via setfacl, I can 
see the user tom in the security list in Windows as (Unix User\tom). 
What I can't do is add ACLs from windows.


Colin
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba