Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] frustrations with shares
6 views
Skip to first unread message
Frank Kahle
Jul 27, 2016, 2:20:04 PM7/27/16
to
I am trying to allow users with permissions in one group (DEV) to have full
access to a folder that is owned by (QA). I have not been able to figure
this out. Its running samba 4.2 in WORKGROUP mode (I can find everything
for domain but I am not ready for that). Its running on freebsd on the
latest nas4free build NAS with a ZFS file system..
Thanks in advance
Frank Kahle
FileCatalyst | Unlimi-Tech Software
Recipient of the 66th Annual Technology and Engineering EmmyR Award
+ 1 613 667 2439 ext 114
1 877 327 9387 NA toll-free
1 613 986 4896 mobile
<http://www.filecatalyst.com> www.filecatalyst.com
1725 St. Laurent Blvd, #205
Ottawa, On
K1G 3V4
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
access to a folder that is owned by (QA). I have not been able to figure
this out. Its running samba 4.2 in WORKGROUP mode (I can find everything
for domain but I am not ready for that). Its running on freebsd on the
latest nas4free build NAS with a ZFS file system..
Thanks in advance
Frank Kahle
FileCatalyst | Unlimi-Tech Software
Recipient of the 66th Annual Technology and Engineering EmmyR Award
+ 1 613 667 2439 ext 114
1 877 327 9387 NA toll-free
1 613 986 4896 mobile
<http://www.filecatalyst.com> www.filecatalyst.com
1725 St. Laurent Blvd, #205
Ottawa, On
K1G 3V4
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
David Bear
Jul 30, 2016, 10:50:02 PM7/30/16
to
using posix acls?
On Wed, Jul 27, 2016 at 10:47 AM, Frank Kahle <fka...@filecatalyst.com>
wrote:
--
David Bear
mobile: (602) 903-6476
On Wed, Jul 27, 2016 at 10:47 AM, Frank Kahle <fka...@filecatalyst.com>
wrote:
David Bear
mobile: (602) 903-6476
Frank Kahle
Aug 2, 2016, 8:30:04 AM8/2/16
to
Do you have a good doc that you can point me to?
Sincerely,
Frank
From: David Bear [mailto:dwbe...@gmail.com]
Sent: Saturday, July 30, 2016 10:46 PM
To: Frank Kahle <fka...@filecatalyst.com>
Cc: samba <sa...@lists.samba.org>
Subject: Re: [Samba] frustrations with shares
using posix acls?
1 877 327 9387 <tel:1%20877%20327%209387> NA toll-free
1 613 986 4896 <tel:1%20613%20986%204896> mobile
<http://www.filecatalyst.com> www.filecatalyst.com <http://www.filecatalyst.com>
Sincerely,
Frank
From: David Bear [mailto:dwbe...@gmail.com]
Sent: Saturday, July 30, 2016 10:46 PM
To: Frank Kahle <fka...@filecatalyst.com>
Cc: samba <sa...@lists.samba.org>
Subject: Re: [Samba] frustrations with shares
using posix acls?
On Wed, Jul 27, 2016 at 10:47 AM, Frank Kahle <fka...@filecatalyst.com <mailto:fka...@filecatalyst.com> > wrote:
I am trying to allow users with permissions in one group (DEV) to have full
access to a folder that is owned by (QA). I have not been able to figure
this out. Its running samba 4.2 in WORKGROUP mode (I can find everything
for domain but I am not ready for that). Its running on freebsd on the
latest nas4free build NAS with a ZFS file system..
Thanks in advance
Frank Kahle
FileCatalyst | Unlimi-Tech Software
Recipient of the 66th Annual Technology and Engineering EmmyR Award
+ 1 613 667 2439 ext 114 <tel:1%20613%20667%202439%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20ext%20114>
I am trying to allow users with permissions in one group (DEV) to have full
access to a folder that is owned by (QA). I have not been able to figure
this out. Its running samba 4.2 in WORKGROUP mode (I can find everything
for domain but I am not ready for that). Its running on freebsd on the
latest nas4free build NAS with a ZFS file system..
Thanks in advance
Frank Kahle
FileCatalyst | Unlimi-Tech Software
Recipient of the 66th Annual Technology and Engineering EmmyR Award
1 877 327 9387 <tel:1%20877%20327%209387> NA toll-free
1 613 986 4896 <tel:1%20613%20986%204896> mobile
<http://www.filecatalyst.com> www.filecatalyst.com <http://www.filecatalyst.com>
L.P.H. van Belle
Aug 2, 2016, 9:50:03 AM8/2/16
to
A "good" acl manual.
http://www.vanemery.com/Linux/ACL/linux-acl.html
As i do prefeer the debian os, but i do really like the archlinux wiki.
https://wiki.archlinux.org/index.php/Access_Control_Lists
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Frank Kahle
> Verzonden: dinsdag 2 augustus 2016 13:55
> Aan: 'David Bear'
> CC: 'samba'
> Onderwerp: Re: [Samba] frustrations with shares
Gaiseric Vandal
Aug 3, 2016, 2:30:03 PM8/3/16
to
On Solaris at least , ZFS is using NFS acl's not posix. (not sure
how different the two are.) I did find that setting file permissions
in solaris wouldn't always behave as I expected. (Samba was compiled
with ZFS support.) Sometimes easier to make your self the owner of the
directory then set the permissions via windows.
how different the two are.) I did find that setting file permissions
in solaris wouldn't always behave as I expected. (Samba was compiled
with ZFS support.) Sometimes easier to make your self the owner of the
directory then set the permissions via windows.
L.P.H. van Belle
Aug 4, 2016, 2:40:02 AM8/4/16
to
I dont know much about Solaris, but i found this.
There are problems with ACL's across platforms:
the uid has to match numerically
the gid has to match numerically
the NSF mount has to support the ACL operations, e.g., if the ACL grants write, but the remote file system is read-only then the ACL can not be honored.
See:
http://nfs.sourceforge.net/nfs-howto/ar01s06.html
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Gaiseric Vandal
> Verzonden: woensdag 3 augustus 2016 19:45
> Aan: sa...@lists.samba.org
There are problems with ACL's across platforms:
the uid has to match numerically
the gid has to match numerically
the NSF mount has to support the ACL operations, e.g., if the ACL grants write, but the remote file system is read-only then the ACL can not be honored.
See:
http://nfs.sourceforge.net/nfs-howto/ar01s06.html
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Gaiseric Vandal
> Verzonden: woensdag 3 augustus 2016 19:45
> Aan: sa...@lists.samba.org
Andrew Walker
Aug 4, 2016, 1:20:04 PM8/4/16
to
"NFS" in this case is referring to NFSv4-style ACLs vs Posix-style ACLs. In
general, I believe the best way to manage ZFS ACLS is to enable the
"zfsacl" VFS module, chown the root directory of the share so that it's
owned the user you'll be doing admin from. Then in Windows File Explorer
navigate to \\<samba server>, right-click on the share, click properties,
click on the security tab, and fine-tune the ACL as needed.
Other methods of modifying ACLs on your NAS4Free server are the command
line utilities "smbcacls" and "setfacl", but using a windows client is
probably the best way of doing this. "getfacl" can be used to view ACLs.
Since you're dealing with ZFS ACLs, it might also be a good idea to set the
"aclmode" property of the dataset you're sharing via samba to "restricted".
The comand to do this is "zfs set aclmode=restricted <pool>/<dataset>"
(i.e. "zfs set aclmode=restricted Tank/Samba"). This will cause chmod to
return an error when used on any file or directory which has a non-trivial
ACL whose entries cannot be represented by a mode. In short, it prevents
chmod from breaking your ACLs.
general, I believe the best way to manage ZFS ACLS is to enable the
"zfsacl" VFS module, chown the root directory of the share so that it's
owned the user you'll be doing admin from. Then in Windows File Explorer
navigate to \\<samba server>, right-click on the share, click properties,
click on the security tab, and fine-tune the ACL as needed.
Other methods of modifying ACLs on your NAS4Free server are the command
line utilities "smbcacls" and "setfacl", but using a windows client is
probably the best way of doing this. "getfacl" can be used to view ACLs.
Since you're dealing with ZFS ACLs, it might also be a good idea to set the
"aclmode" property of the dataset you're sharing via samba to "restricted".
The comand to do this is "zfs set aclmode=restricted <pool>/<dataset>"
(i.e. "zfs set aclmode=restricted Tank/Samba"). This will cause chmod to
return an error when used on any file or directory which has a non-trivial
ACL whose entries cannot be represented by a mode. In short, it prevents
chmod from breaking your ACLs.
0 new messages