Bug #18793

AD-SMB problem

Added by Gábor Varju almost 4 years ago. Updated about 3 years ago.

Status: Closed: User Config Issue
Priority: No priority
Assignee: John Hixson
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

Hi,
I have a Zentyal AD and a FreeNAS in this domain. The FreeNAS has 1 volume with 3 datasets (Windows permissions, and the owner user/group is the domain admin and the domain users). I have 1-1 NFS share for every dataset. Everything works well, but I have a big problem. If a domain user has READ permission on a folder or file, he/she can DELETE it! He/she can't write to the folder or make another file in it, but can DELETE! (I use a Windows machine to try to set the permissions, and everything works well (seeing the users, seeing the groups, setting the permissions) except this.)

History

#1 Updated by Gábor Varju almost 4 years ago

  • File debug-freenas-20161108135030.txz added

#2 Updated by Gábor Varju almost 4 years ago

Gábor Varju wrote:

Hi,
I have a Zentyal AD and a FreeNAS in this domain. The FreeNAS has 1 volume with 3 datasets (Windows permissions, and the owner user/group is the domain admin and the domain users). I have 1-1 NFS share for every dataset. Everything works well, but I have a big problem. If a domain user has READ permission on a folder or file, he/she can DELETE it! He/she can't write to the folder or make another file in it, but can DELETE! (I use a Windows machine to try to set the permissions, and everything works well (seeing the users, seeing the groups, setting the permissions) except this.)

NO NFS Share --> SMB share (sorry)

#3 Updated by Heather Ownby almost 4 years ago

  • Assignee set to Erin Clark

#4 Updated by Vaibhav Chauhan almost 4 years ago

  • Target version set to 9.10.2-U1

BRB: Erin please screen the bug.

#5 Updated by Erin Clark almost 4 years ago

  • Status changed from Unscreened to Screened

#6 Updated by Gábor Varju almost 4 years ago

Vaibhav Chauhan wrote:

BRB: Erin please screen the bug.

Hi Erin,

Could I help you to repair this bug somehow?
Thanks

Gabor

#7 Updated by Kris Moore over 3 years ago

  • Target version changed from 9.10.2-U1 to 9.10.2-U3

#8 Updated by Kris Moore over 3 years ago

  • Target version changed from 9.10.2-U3 to 9.10.4

#9 Updated by Kris Moore over 3 years ago

  • Target version changed from 9.10.4 to 11.1

#10 Updated by Erin Clark about 3 years ago

  • Status changed from Screened to Unscreened
  • Assignee changed from Erin Clark to John Hixson

I haven't worked on the middleware for a while, passing to John

#11 Updated by John Hixson about 3 years ago

  • Status changed from Unscreened to Screened

#12 Updated by John Hixson about 3 years ago

  • Status changed from Screened to Closed: User Config Issue

Hi Gábor,

Every share you are exporting by Samba gives FULL permissions for either domain users or ovzrtusers. This includes delete as well. What you need to do is limit the permissions for the group.
# owner: OVZRTDOM\administrator
# group: OVZRTDOM\domain users
    owner@:rwxpDdaARWcCos:fd-----:allow
    group@:rwxpDdaARWcCos:fd-----:allow
    everyone@:r-x---a-R-c---:fd-----:allow
# file: /mnt/Adat/teszt
# file: /mnt/Adat/Users
# owner: OVZRTDOM\administrator
# group: OVZRTDOM\ovzrtusers
    owner@:rwxpDdaARWcCos:fd-----:allow
    group@:rwxpDdaARWcCos:fd-----:allow
    everyone@:r-x---a-R-c---:fd-----:allow

See the lines for both of these that have group@? That is full control. You can manage this on the Windows side. Remove the permissions and set them the way you want ;-)
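
An added example, not part of the ticket or of FreeNAS itself: a Python sketch that reads `getfacl` text like the listing quoted above and reports non-owner `allow` entries carrying the delete bits (`D` = delete_child, `d` = delete). It assumes the default compact `getfacl` format on FreeBSD; the function names are hypothetical.

```python
# Added example: audit NFSv4 ACL text (FreeBSD getfacl, compact form) for
# non-owner entries that are allowed to delete.
# Permission letters per setfacl(1): D = delete_child, d = delete.
DELETE_BITS = {"D": "delete_child", "d": "delete"}

# ACL of /mnt/Adat/Users as quoted in the ticket.
SAMPLE = r"""
# file: /mnt/Adat/Users
# owner: OVZRTDOM\administrator
# group: OVZRTDOM\ovzrtusers
    owner@:rwxpDdaARWcCos:fd-----:allow
    group@:rwxpDdaARWcCos:fd-----:allow
    everyone@:r-x---a-R-c---:fd-----:allow
"""


def parse_acl(text):
    """Yield (path, who, perms, flags, ace_type) for every ACL entry."""
    path = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file:"):
            path = line[len("# file:"):].strip()
        if not line or line.startswith("#"):
            continue
        # perms, flags and type are always the last three fields; the
        # principal may contain ':' itself (user:NAME, group:NAME).
        who, perms, flags, ace_type = line.rsplit(":", 3)
        yield path, who, perms, flags, ace_type


def delete_grants(text):
    """Return [(path, who, [rights])] for non-owner allow entries that
    include delete or delete_child."""
    findings = []
    for path, who, perms, _flags, ace_type in parse_acl(text):
        if ace_type != "allow" or who == "owner@":
            continue
        # Only the permission field is checked: 'd' in the flags field
        # means dir_inherit, not delete.
        rights = [name for bit, name in DELETE_BITS.items() if bit in perms]
        if rights:
            findings.append((path, who, rights))
    return findings


if __name__ == "__main__":
    for path, who, rights in delete_grants(SAMPLE):
        print(f"{path}: {who} may {', '.join(rights)}")
```

The `fd` inheritance flags on the flagged entry mean new files and subdirectories receive the same rights, so the group entry on the dataset root is the one to tighten.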

#13 Updated by Kris Moore about 3 years ago

  • Seen in changed from Unspecified to N/A

#14 Updated by Dru Lavigne about 3 years ago

  • File deleted (debug-freenas-20161108135030.txz)

#15 Updated by Dru Lavigne about 3 years ago

  • Target version changed from 11.1 to N/A
  • Private changed from Yes to No
