Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: motiv8d on August 19, 2006, 01:30:01 AM

Title: Ibays Samba shares permissions - net acl support
Post by: motiv8d on August 19, 2006, 01:30:01 AM

Hi
I have just started playing with SME 7 but I notice that the ibays are very restrictive as to user access, eg: I cant have say group1 and group2 being able to change but group4 and group5 as read only access.
As such I would like to use samba permissions with "net acl support = yes". I have set that permission and can bring up the security tab and permissions from a windows box for an ibay. However, all settings (Allow and Deny) are blank.
Can anyone advise if firstly this method will work or not or stuff the ibays up? And if not what would be the recommended way of implementing what I require in SME7.
Thanks

Title: Re: Ibays Samba shares permissions - net acl support
Post by: CharlieBrady on August 19, 2006, 03:13:51 AM

Quote from: "motiv8d"

Hi
I have just started playing with SME 7 but I notice that the ibays are very restrictive as to user access, eg: I cant have say group1 and group2 being able to change but group4 and group5 as read only access.

Linux native file systems do not have that capability.

Quote

As such I would like to use samba permissions with "net acl support = yes".

You'd need to add acl capabilities to the linux kernel filesystem layer, and make who knows what other changes to SME configurations. I'd suggest that you do research on what is required, open a bug in SME Future section, and record all your findings there in the bug tracker.

Title: Ibays Samba shares permissions - net acl support
Post by: Daniel B. on August 19, 2006, 12:47:47 PM

I also find that permissions on ibays are too limited. I've looked for acl support and have find that:
ftp://ftp.pbone.net/mirror/atrpms.net/el4-i386/atrpms/stable/acl-2.2.23-5_11.el4.at.i386.rpm
which install the acl support, then you have to edit your /etc/fstab and add the acl option on the file sytem you want (must be ext3). After a reboot it works well and you can set additionnal permissions (rwx for other groups or users, see man setfacl and getfacl). I'd like to make a panel to controle this but I didn't take time for now.
hope it'll help you
Have a good weekend

Title: Ibays Samba shares permissions - net acl support
Post by: motiv8d on August 22, 2006, 02:33:36 AM

Thanks CharlieBrady and VIP-ire.
That is great news. I also am aware that Centos 4.3 has ACL support built into the standard kernel and thus as SME 7 is built on this it too should.

Title: Ibays Samba shares permissions - net acl support
Post by: motiv8d on August 22, 2006, 02:41:47 AM

Also I just found this about the July 2006 Samba release. It indicates that ACL selection from Windows client should now work. :-)

                  ===============================
                   Release Notes for Samba 3.0.23a
                             Jul 21, 2006
                   ===============================

Common bugs fixed in 3.0.23a include:

  o Failure to strip the domain name from groups when 'winbind
    use default domain = yes'
  o Failure in pam_winbind to correctly parse arguments.
  o Bad token creation of local users on member servers not
    running winbindd.
  o Failure to add users or groups to ACLs using the Windows
    object picker.
  o Failure in file serving code when 'kernel oplocks = yes'.