On Sun, 2013-10-13 at 22:31 +0200, Marc Muehlfeld wrote: > Hello, > > a while ago I wrote the > http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. > > When I wrote the HowTo, I setup and configured the share on a DC - what > still works like described. Today I tried the first time to do exactly > the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. > > The share in smb.conf: > [demo] > path = /srv/samba/Demo > read only = no > > The folder in the filesystem (XFS): > drwxr-xr-x 2 root root 6 13. Okt 22:16 /srv/samba/Demo > > I connect to the share as Domain Admin, right-click to it and go to the > "security" tab. Here I see now "everyone" and two "root" entries. > - I click the "edit" button and remove the two "root" entries. When I > click "apply", everything is reset (the two entries went back". > - If i grant "modify" to "everyone" - where all "allow" entries are > empty per default and click "apply", then all boxes are checked > automatically (full access) and "CREATOR OWNER" and "CREATOR GROUP" > appear. And this two can't be removed as well any more. > > > If I do exactly the same on a DC, then already the security tab shows on > the first time I open it very different settings. The wiki screenshot > shows them: > http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But > the folder on Linux side is also just 755 (and without any extended ACLs > when I begin). Also whatever I change (like remove "root" from the ACLs) > everything is done like expected and saved. > > > The member server is also self compiled. I installed all packages on my > RHEL6 that I have installed on the DC too. > > > Any idea what could be different on a 4.x member than on a DC? Or did I > find a bug? > > > Regards > Marc
Hi It looks like that on the DC, Administrator already has admin permissions on the share (like root in Linux) but on a file server he doesn't. You have to specify Administrator as an admin user or give him full posix rights on the share using setfacl. Summary.mAdministrator behaves as: DC: like root on a Linux box File server: a normal unprivileged domain user I think the file server is correct. Windows doesn't have a user like root. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
