Samba "Modify" permission - Grin with cat attached — LiveJournal
Previous Entry Next Entry
Samba "Modify" permission Sep. 22nd, 2005 07:43 pm
I've set up Samba on a debian box to share a subversion sandbox. When I try and perform SVN operations such as commmit, update, I get the "scream of the dying tortoise" and get told I can't set a file in the share read-write. Now, looking at the permissions on that file in a windows box, I can see that I have Read, Write permissions, but not "Modify", "Full Control" or "Read & Execute" (IIRC).

Now I'm pretty sure what I need is either Full Control or Modify. How in *&*&*(& do I get this?

All help *VERY* gratefully received! Once I crack this I might actually be able to get this server controlled.
Tags: ,

From: bondagewoodelf
Date: September 22nd, 2005 - 07:59 pm (Link)
AFAIK for Samba to support 'real Windows ACLs' you need at least:

- Samba 3, I think here we've got it working with 3.0.14a-3 (the one from Debian stable)
- the ext3 filesystem mounted with the 'acl' option

I'm not sure how the other admin responsible for the integration of Samba with the Windows Active Directory domain have set this up, but if you want I can ask?

Posix ACLs

From: bondagewoodelf
Date: September 22nd, 2005 - 08:08 pm (Link)
- the ext3 filesystem mounted with the 'acl' option

Btw, this requires the kernel to support:

<*> Ext3 journalling file system support
  [*]   Ext3 extended attributes                                                                  
    [*]     Ext3 POSIX Access Control Lists                                                         

Re: Posix ACLs

From: babysimon
Date: September 22nd, 2005 - 08:44 pm (Link)
I'm sure you're right, but I dunno whether Wechsler is trying to "do" Windows ACLs or just using them to find out why it's not working.

If it's the latter, forget ACLs and just check the unix permissions. We use exactly this setup at work (samba+subversion+tortoise); we just user the "force user" option to give everyone the same unix user.

Re: Posix ACLs

From: wechsler
Date: September 22nd, 2005 - 10:28 pm (Link)
Indeed - I'll settle for working out why I'm not able to set attributes on the files, and fixing that. I can read & write to that drive fine (AFAIK) but just not do the appropriate privs change.

Actually it looks like I've got the exact same issue between my powerbook and the shared drive on my home server.

smb.conf for that one is:

panic action = /usr/share/samba/panic-action %d
workgroup = LEYLINE
server string = %h server (Samba %v)
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
; security = user
encrypt passwords = true
passdb backend = tdbsam guest
; include = /home/samba/etc/smb.conf.%m
socket options = TCP_NODELAY
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
obey pam restrictions = yes

comment = Home Directories
browseable = yes

Re: Posix ACLs

From: bondagewoodelf
Date: September 22nd, 2005 - 10:38 pm (Link)
I think the extra attributes are not possible -unless- they are stored somewhere on the filesystem, hence the requirement for Posix ACLs on ext3: no extra attributes -> no ACLs other then unix type ACls: read/write/execute.

Re: Posix ACLs

From: bondagewoodelf
Date: September 23rd, 2005 - 10:22 am (Link)