[Samba] Changing ACLs as administrator

David Brodbeck DavidB at mail.interclean.com
Thu Jul 25 13:26:02 GMT 2002


The idea is you create one hidden share that encompasses all your other
shares.  If your disk layout makes that undesirable, you'll have to create
multiple hidden shares to use this method.  (In my case, I put all the Samba
shares under /export, so it was easy.)

If you map the Domain Admin group to root, any files you create while logged
in as a Domain Admin will be owned by root.  I didn't want that, so I used
the hidden share method instead.

> -----Original Message-----
> From: Rob Helmer [mailto:robert at namodn.com]
> Sent: Thursday, July 25, 2002 3:47 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Changing ACLs as administrator
> 
> 
> Hi Josh,
> 
> 
> I don't really understand what this would accomplish. If they
> have a hidden share, then they can only change ACLs for files on
> that share, correct?
> 
> Or am I missing something?
> 
> 
> 
> Thanks,
> Rob
> 
> 
> On Thu, Jul 25, 2002 at 01:41:02PM -0500, Samba wrote:
> > One work-around would be to create a hidden share that only Domain Admins
> > can access. Then use "force user=root" on that share.  Then you'll be able to
> > change ACLs and not be root.
> > 
> > Josh
> > 
> > > -----Original Message-----
> > > From: Tanstaafl [mailto:tanstaafl_bh at netzero.net]
> > > Sent: Thursday, July 25, 2002 1:36 PM
> > > To: 'Samba List'
> > > Subject: Re: [Samba] Changing ACLs as administrator
> > > 
> > > 
> > > You must be logged in as root - or I think you can map the Domain Admin
> > > account *to* the root account, which accomplishes the same thing?
> > > 
> > > Simon
> > > 
> > > ----- Original Message -----
> > > From: "Rob Helmer" <robert at namodn.com>
> > > To: <samba at lists.samba.org>
> > > Sent: Thursday, July 25, 2002 2:35 PM
> > > Subject: [Samba] Changing ACLs as administrator
> > > 
> > > 
> > > > Hello,
> > > >
> > > >
> > > > While the interesting discussion on POSIX ACLs vs. NT ACLs has
> > > > been going on, I've been trying (unsuccessfully) from a Windows
> > > > box logged in as DOMAIN\Administrator to change ACLs on a file
> > > > owned by a user.
> > > >
> > > > I just get "Access denied" every time I attempt it.
> > > >
> > > > I have tried setting in the smb.conf :
> > > >
> > > > --
> > > > domain admin group = DOMAIN+Domain Admins
> > > > --
> > > >
> > > > and
> > > >
> > > > --
> > > > domain admin group = DOMAIN+Administrator
> > > > --
> > > >
> > > > but I still don't seem to have this access.
> > > >
> > > > Is there something I am missing?
> > > >
> > > > Any pointers would be great :) I want to let designated domain admins
> > > > change ACLs, since NT ACL's "Take Ownership" doesn't seem to be possible
> > > > with the current POSIX ACL/Samba combination.
> > > >
> > > >
> > > >
> > > > Thanks,
> > > > Rob
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > > >
> > > >
> 
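
An added example, not part of the original thread and not Samba's own code: a small audit that flags any share using "force user = root" (the work-around discussed above) that is not also restricted with "valid users" and hidden from browsing. The share names, the /export/scratch path and the sample smb.conf are constructed for illustration; it assumes a single file with no include directives and no "force user" default in [global].

```python
import re

# Constructed smb.conf: [aclfix$] follows the thread's advice, [scratch] does not.
SAMPLE_SMB_CONF = """
[global]
   workgroup = DOMAIN

[aclfix$]
   path = /export
   browseable = no
   valid users = @"DOMAIN+Domain Admins"
   force user = root

[scratch]
   path = /export/scratch
   Force User = root
"""

def parse_shares(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in parameter names."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = shares.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return shares

def audit_force_root(text):
    """List (share, issue) pairs for shares that force root without the expected limits."""
    findings = []
    for name, params in parse_shares(text).items():
        if params.get("forceuser", "").lower() != "root":
            continue
        if not params.get("validusers"):
            findings.append((name, "force user = root with no valid users restriction"))
        browse = params.get("browseable", params.get("browsable", "yes")).lower()
        # Assumption: a trailing "$" in the share name also counts as hidden.
        if not (name.endswith("$") or browse in ("no", "false", "0")):
            findings.append((name, "force user = root on a browseable share"))
    return findings

if __name__ == "__main__":
    for share, issue in audit_force_root(SAMPLE_SMB_CONF):
        print(f"[{share}] {issue}")
```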



