[Samba] changing ACLs only as owner possible - Samba

This is a discussion on [Samba] changing ACLs only as owner possible - Samba ; Hello! I have the following problem: I have an linux file server (member server ADS), with authenticating against ADS. It works fine. All user data / memberships are correct. ACLs works successfully for reading and so on. But I'll can* ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] changing ACLs only as owner possible

  1. [Samba] changing ACLs only as owner possible

    Hello!

    I have the following problem:

    I have an linux file server (member server ADS), with authenticating
    against ADS. It works fine. All user data / memberships are correct.
    ACLs works successfully for reading and so on.

    But I'll can* change ACLs, if i'm the owner of this file/folder. If I'm
    member of an ownerproup or I have full access via ACLs (as user or as a
    member of a group) I always get an error message:

    setfacl: test_unixgrpvoll: Operation not permitted

    Any Ideas?

    Thanks!!
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. [Samba] Re: changing ACLs only as owner possible

    Bjoern_80@gmx.de wrote:

    > But I'll can* change ACLs, if i'm the owner of this file/folder. If I'm
    > member of an ownerproup or I have full access via ACLs (as user or as a
    > member of a group) I always get an error message:
    >
    > setfacl: test_unixgrpvoll: Operation not permitted


    RTFL hels in this case!

    from smb.conf(5)

    --cut--
    dos filemode (S)

    The default behavior in Samba is to provide UNIX-like behavior where
    only the owner of a file/directory is able to change the permissions
    on it. However, this behavior is often confusing to DOS/Windows
    users. Enabling this parameter allows a user who has write access
    to the file (by whatever means) to modify the permissions
    (including ACL) on it. Note that a user belonging to the group owning
    the file will not be allowed to change permissions if the group
    is only granted read access. Ownership of the file/directory may also
    be changed.

    Default: dos filemode = no
    --cut--

    from setfacl(1)

    --cut--
    PERMISSIONS

    The file owner and processes capable of CAP_FOWNER are granted the
    right to modify ACLs of a file. This is analogous to the permissions
    required for accessing the file mode. (On current Linux systems, root
    is the only user with the CAP_FOWNER capability.)
    --cut--

    Regards

    Sven

    --
    /* **** me gently with a chainsaw... */
    (David S. Miller in /usr/src/linux/arch/sparc/kernel/ptrace.c)

    /me is giggls@ircnet, http://sven.gegg.us/ on the Web
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread