X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-2.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: sourceware.org Message-ID: <4B489B32.5070303@fastmail.fm> Date: Sat, 09 Jan 2010 10:05:22 -0500 From: Raman Gupta User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.5) Gecko/20091130 Lightning/1.0b2pre Thunderbird/3.0 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: 1.7.1-1 noacl on samba share has incorrect directory write bit References: <20100107180214 DOT GP23972 AT calimero DOT vinschen DOT de> <4B462AFD DOT 8030809 AT fastmail DOT fm> <20100107195022 DOT GQ23972 AT calimero DOT vinschen DOT de> <4B463D68 DOT 1070906 AT fastmail DOT fm> <20100107200946 DOT GR23972 AT calimero DOT vinschen DOT de> <4B46431E DOT 7050101 AT fastmail DOT fm> <20100108103215 DOT GB27916 AT calimero DOT vinschen DOT de> <4B47626B DOT 4060104 AT fastmail DOT fm> <4B4793BC DOT 10401 AT cygwin DOT com> <4B481B64 DOT 4090502 AT fastmail DOT fm> <20100109100619 DOT GK23992 AT calimero DOT vinschen DOT de> In-Reply-To: <20100109100619.GK23992@calimero.vinschen.de> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On 01/09/2010 05:06 AM, Corinna Vinschen wrote: > On Jan 9 01:00, Raman Gupta wrote: >> Reference this mailing list discussion back in 2000: >> >> http://sources.redhat.com/ml/cygwin/2000-12/msg00546.html >> >> It appears this discussion is actually what led Corinna to add the >> smbntsec mount option. The issues are summarized well in this mail >> from Charles Wilson: >> >> http://sources.redhat.com/ml/cygwin/2000-12/msg00756.html > > The problems are mostely fixed. I'm using this setting for a long > while now. The ownership is the one of the UNIX user and group, > but that doesn't change the fact that you can read and change the > permissions. You can even fetch the user and groups from the Samba > server using mkpasswd and mkgroup. Looks like this in my environment: > > $ mkpasswd -L calimero -S_ -U root,corinna > Unix User_root:unused:10000:99999:,S-1-22-1-0:: > Unix User_corinna:unused:10500:99999:,S-1-22-1-500:: > > $ mkgroup -L calimero -S_ -U root,users > Unix Group_root:S-1-22-2-0:10000: > Unix Group_users:S-1-22-2-100:10100: I've tried this but I get, for example, permission denied when trying to change permissions on files. Here is an example: $ ls -l -rw-r--r-- 1 Unix User_root Unix Group_agroup 0 2010-01-09 09:54 bar -rw-r--r-- 1 SERVER_raman Unix Group_agroup 0 2010-01-09 09:50 foo $ id uid=1004(Raman Gupta) gid=513(None) groups=0(root),544(Administrators),545(Users),513(None) $ chmod 444 foo chmod: changing permissions of `foo': Permission denied One thing I'm not certain about is why mkpasswd returns my username twice, once with a "Unix User" prefix and once with "SERVER" prefix -- I note your example does not do that: $ mkpasswd -L server -S_ -U root,raman Unix User_root:unused:10000:99999:,S-1-22-1-0:: Unix User_raman:unused:10500:99999:,S-1-22-1-500:: SERVER_raman:unused:11000:10513:Raman Gupta,U-SERVER\raman,S-1-5-21-903485053-2526882046-1379677160-1000://server/raman:/bin/bash I also note that the file ownership is shown with the "SERVER" prefix and not the "Unix User" prefix -- perhaps that is the problem with chmod? Lastly, note I am using WinXP Home edition -- which has limited user admin/acl features. For example, the Security tab in file properties is missing (though I can add that via a download from Microsoft). But it seems to have limited ability to add users to groups and so forth, so the Security tab seems to have marginal value anyway. Cheers, Raman -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple