Another ACL \ Permission issue, Plus other issues

CIFS/SMB network sharing.

Post by kjbuente »

Firstly, I am running the latest version of NAS4Free and I am authenticated to a domain.
I have seen two other posts saying that they are having issues with ACLs and permissions. I too am having issues; they are kinda the same, kinda different. My inherited permissions properly apply 90% of the time. When they do not, it is with file downloads from a web browser (I suspect this is due to writing to a temp file then 'moving' instead of 'copying' to the correct filename) and hidden system files like '$RECYCLE.BIN' and 'Thumbs.DB', but Desktop.ini will be correct. I can manually go through and set the proper permissions and ACLs, only to have them go back to the messed-up versions later.

My home directory example:


Root dir unix permissions are d---rwx---+ user domain_admins Directory, sub dirs will be the same except the user will be the domain user that created it.

Root Dir ACLs as Follows: (These are all to be inherited)
(ALLOW) Domain Admins: Full Control (This folder + Sub Folders & Files)
(ALLOW) User: Full Control-Change-minus-Change Permissions (Sub Folders & Files only)

The user can create any directory or file and the permissions take fine. Except $RECYCLE.BIN & Thumbs.db. Those all have the permissions of...
(DENY) User: List folder / Read data: (This Folder Only) <- Where did this come from?
(ALLOW) User: Full Control -minus- Change Permission (This Folder + Subs & Files) <-Correct IF it was inherited.
(ALLOW) User: Full Control -minus- List Folder / Read data & Delete (This Folder Only) <- Where did this come from?
(ALLOW) Domain Admins: Read & Execute, List, & Read (This Folder Only) <-Not Correct, should be Full Control
(ALLOW) Everyone: Traverse & Read (This Folder Only) <- Where did this come from?
(ALLOW) Domain Users: Traverse & Read (This Folder Only) <- Where did this come from?

None of those are inherited permissions, all explicit. If you manually set the permission to the correct ones, it will revert back to these. 
My .recycler directory Example


Root dir unix permissions are d---rwx---+ user domain_admins Directory, sub dirs will be the same except the user will be the domain user that created it.

(ALLOW) Domain Admins: Full Control (This folder + Sub Folders & Files)
(ALLOW) Owner: Full Control-Change-minus-Change Permissions (Sub Folders & Files only)

The user can NOT create a new directory without getting a permission denied, then 3 New Folder will appear. The system CAN create it and WITH THE CORRECT ACLs! Except the user cannot access it; they receive an access denied.
Once I change the unix permissions to 770, everything works. Until the folder is deleted due to cleanup scripts and is created again.
I also noticed that I have these errors in the log:
winbindd[3174]: Failed to find domain ''. Check connection to trusted domains!
smbd[51118]: unknown interface
smbd[51332]: pcap cache not loaded
smbd[72551]: recycle: mkdir failed for .recycle/user/user with error: Permission denied
smbd[9199]: [2016/10/26 09:17:24.759242, 0] ../source3/rpc_server/srv_pipe.c:721(api_pipe_bind_req)
Plus one about unable to find a SID, I forgot to copy that one out of the log file.

I also have a strange issue of when I apply changes in Samba (plus FTP and NFS), my entire system reboots... I can restart the services via command line without issue though.
SuperMicro 846 Chassis + 1200W Redundant PSUs + "A" model Backplane , SuperMicro X10SRL-F Motherboard, 512GB ECC RAM, Xeon E5 1650v3, 24*8TB WD Red Pro, 4 RaidZ2 Vdevs, 2 IBM M1015 Cross Flash to IT Mode, 2 IBM 46M0997 SAS Expanders, Dual port 10Gb Intel X560. RootOnZFS.

SuperMicro 846 Chassis + 1200W Redundant PSUs + SAS3-846-EL2 Backplane , SuperMicro X10SRL-F Motherboard, 512GB ECC RAM, Xeon E5 1650v3, 24*SanDisk Lightening 800GB 12Gbps SSDs, 12 Mirror vDevs, 4 Intel Optane 32GB NVMe drives (SLOG),Dual port 40Gb Intel XL710. RootOnZFS.


Re: Another ACL \ Permission issue, Plus other issues

Post by kjbuente »

I made some progress. I turned OFF "Inherit ACLs" for the samba shares and Set ACL Mode and Inherit to 'Pass Through' on the ZFS dataset. This allowed users to access their recycle bins again. The permissions are still off. The same goes with Thumbs.DB. Files downloaded via a browser are correct however.

The new permissions are:


(ALLOW)User:Full Control -minus- Change Permissions(This Folder and Subs + Files) <- Correct BUT it is explicit permission and should be inherited.
(ALLOW)User:Full Control -minus- Change Permissions(This Folder Only) <- Huh? Seems redundant...
(ALLOW)Domain Admins:Read, List, and Read & Exec (This Folder Only) <- Should be Full control and inherited
(ALLOW)Everyone:Read, List, and Read & Exec (This Folder Only) <- Undesired
My Samba .recycle folder is functioning as well. That required deleting the folder and setting the permissions as 777 (yuk), then letting Samba do its thing. The ACLs that the user dir & files get are almost exactly the same as above, except the second user permission does not exist.

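Added example, not part of the original posts: a small audit that reads FreeBSD `getfacl` output for an NFSv4 ACL and reports the kinds of entries described above (deny entries, explicit entries where inheritance was expected, and `everyone@` grants). It assumes the default, non-verbose `getfacl` output format; the sample ACL is constructed, and the function names and the script name `audit_acl.py` are hypothetical.

```python
import sys

# Constructed sample of FreeBSD getfacl NFSv4 output (not taken from the posts).
SAMPLE = """\
# file: /mnt/tank/home/alice/$RECYCLE.BIN
# owner: alice
# group: domain_admins
        user:alice:r-------------:-------:deny
        user:alice:rwxpDdaARWc-os:fd-----:allow
group:domain_admins:rwxpDdaARWcCos:fd----I:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow
"""

def parse_aces(text):
    """Parse default (non-verbose) getfacl NFSv4 output into a list of ACE dicts."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not an NFSv4 ACE line
        # Layout is who[:name]:perms:flags:type, so take the last three fields from the right.
        perms, flags, kind = parts[-3:]
        aces.append({"who": ":".join(parts[:-3]), "perms": perms,
                     "flags": flags, "type": kind})
    return aces

def audit(text):
    """Return (who, type, reasons) for each ACE that is not a plain inherited allow."""
    findings = []
    for ace in parse_aces(text):
        reasons = []
        if ace["type"] == "deny":
            reasons.append("deny entry")
        if "I" not in ace["flags"]:  # 'I' marks an ACE that was inherited from the parent
            reasons.append("explicit, not inherited")
        if ace["who"] == "everyone@" and ace["type"] == "allow":
            reasons.append("grants access to everyone@")
        if reasons:
            findings.append((ace["who"], ace["type"], reasons))
    return findings

if __name__ == "__main__":
    # On the NAS: getfacl <path> | python3 audit_acl.py ; with no pipe the sample is used.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for who, kind, reasons in audit(text):
        print(f"{who:<24} {kind:<6} {'; '.join(reasons)}")
```

Running it against a directory before and after changing the dataset's ACL mode/inherit settings or Samba's "Inherit ACLs" option shows which entries were created explicitly instead of being inherited.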