[Samba] Permissions not recursive on win2K?
This is a discussion on [Samba] Permissions not recursive on win2K? within the Samba forums, part of the Networking and Network Related category; Sorry for the report, but I got exactly zero replies, so I will try again: Way back on Mar 10 ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-19-2005
|
|||
|
|||
[Samba] Permissions not recursive on win2K?
Sorry for the report, but I got exactly zero replies, so I will try again:
Way back on Mar 10 2004, I wrote this: > > ========== > Perhaps this is a known problem, and if so, hopefully it is fixed > in 3.x: > > Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL > support with > XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). > > Adding/editing an ACL for an NT domain group (or user) to a > folder on samba, and > attempting to apply permissions to all subdirs and files only > goes one > level deep when using the win2k standard gui tool. ie: Only > ACLS for the > selected folder and files in top level are touched. Problem does > not occur > when using an NT4 client. Interestingly, using the NT4 security > dialog on > win2k (by way of the RSHXMENU powertoy for NT) works fine > on win2K. > > Is this a known issue? I can provide conf and debug output if > necessary, > but I assumed someone else must have seen this already (and > fixed it? :-) > ========== > > Then, I got this reply: > > >On 24 Mar 2004 at 9:13, Gerald (Jerry) Carter wrote: > > > > Yup. It is fixed in 3.0 what what I remember. Jeremy worked > on it. > > Eventually I got around to upgrading the affected servers to > 3.0.11, but the problem persists, and I didn't have time to dig > into it. Now I need to replace two samba servers, and would > like to resolve this issue. I've now read the release notes from > 3.0.12 to 3.0.20RC2 and couldn't find mention of a fix. I am now running 3.0.14a, but the permissions recursion problem still exists. Each time I apply permissions to a tree using the Win2K GUI, the addition or removal of an ACL will move exactly one level deeper than before. I n other words, if the tree is 4 levels deep, it will take 3 passes of the operation before the ACL change appears in the 4th level. This long standing problem is seriously limiting our migration to samba. Can someone please tell me if this has been fixed in 3.0.20? I have offered configs, debug, etc. and the offer still stands. I just want to see this problem fixed, and can't believe it is not affecting more users. For the record, here is the environment: Mandrake 10.1 with ACL support on XFS The share used for testing the issue is the "home" share. PDC is running NT4 SP6a Client used for setting ACLs running Win2K SP4, tested using GUI, cacls, and xcacls. Build options: ../configure --with-winbind --with-acl-support --with-quotas -- sbindir=/usr/sbin --bindir=/usr/bin --localstatedir=/var/log/samba --with- swatdir=/usr/share/swat --with-lockdir=/var/cache/samba --with- configdir=/etc/samba --with-piddir=/var/run conf file: [global] workgroup = SHAWNIGAN netbios name = ADMIN3 server string = ADMIN3 Server winbind uid = 10000-20000 winbind enum users = yes winbind gid = 10000-20000 winbind separator = + winbind enum groups = yes disable spoolss = yes unix password sync = no max xmit = 65535 hosts allow = 10. 72.2.0. dns proxy = no oplocks = yes inherit permissions = yes debug level = 1 security = domain getwd cache = yes log level = 3 read raw = yes write raw = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384 wins server = 72.2.0.5 72.2.0.4 create mask = 0700 domain master = no map to guest = never null passwords = no encrypt passwords = yes template shell = /bin/false dead time = 0 password level = 0 password server = * directory mask = 0700 preferred master = no [homes] comment = Staff Home Directories browseable = no writable = yes available = yes public = no create mask = 2700 inherit permissions = yes nt acl support = no force group = "shawnigan+domain users" force security mode = 0777 path = /home/staff/%U [home] comment = Homes browseable = yes writable = yes available = yes public = no only user = no path=/home valid users = @"shawnigan+domain admins" admin users = @"shawnigan+domain admins" [sysroot] comment = sysroot valid users = @"shawnigan+domain admins" admin users = @"shawnigan+domain admins" writeable = yes path = / hosts allow =10.4. 72.2.0. [staffhome] comment = Staff Homes - Web Access browseable = yes writable = yes available = yes public = no only user = no path=/home/staff valid users = @"shawnigan+domain admins","shawnigan+Apache- Internal" admin users = @"shawnigan+domain admins" -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
Linear Mode
