Confusion with permissions

samba-ad

#1

Hello,
I have a problem with folder permissions. Better will explains the screenshots:
here you can see, directory settings


here I have added users into the group:

all is saved, even samba is restarted but still I have a problem with authorized user create folder(no permissions) and next strange is:

root@server:~# getfacl /home/erka/SECRETARY/
getfacl: Removing leading '/' from absolute path names
# file: home/erka/SECRETARY/
# owner: root
# group: top-secret
user::rwx
group::r-x
other::r-x

why the folder has not the same permissions as is set via web management?
could be the problem that is wrongly set group …because as we see getfacl display group top-secret, but actually is the group Domain Group and not System Group:


how can I set for the folder Domain Group?

additional info:
right now I see, that even I have problem to connect into the folder with user who is in the group top-secret
tree connect failed: NT_STATUS_ACCESS_DENIED


#2

why the folder has not the same permissions as is set via web management?
could be the problem that is wrongly set group …because as we see getfacl display group top-secret, but actually is the group Domain Group and not System Group:

I think you are mixing POSIX ACLs with Unix Permissions. A user has to be able to visit every single branch in the directory structure:

given: /home/erka/secretary
access right: group “top secret” may “rwx” (read, write, execute)
user: “test” in group “top secret”
test: the user has to be able to visit the following

/home/
/home/erka/
/home/erka/secretary/

If the access rights on /home/ or /home/erka/ are wrong, the user cannot access the /…/secretary/ folder.