[Samba] Samba + ACL cosmetic improvement?

Tom Dickson tdickson at inostor.com
Thu Jul 15 20:29:16 GMT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmmm. Silly SNAP systems do what I want (squash "everyone" if it is
- ---). Anyone know what modifications they make to Samba?

I'm using GuardianOS 3.0.099, and it seems to have some extended ACLs
that I don't recognize.

user::rwxdpo
user:admin:rwxdpo
group::------
group:admin:rwxdpo
mask::rwxdpo
other::r-x---
default:user::rwxdpo
default:user:admin:rwxdpo
default:group::------
default:group:admin:rwxdpo
default:mask::rwxdpo
default:other::r-x---


rruegner wrote:
| Hi,
| you got the same problem, many win admins have,
| removing group everyone happens everywhere( in this group is everyone g
| )in big windows hosting active dir companies, this makes their helpdesks
| crazy *g.
| Also deny permissions functions are simply a hoax by ms
| I know windows book writers which have no real answer and say simply
| "dont use it", maybe you are able to make cosmetic debuging with samba
| about that but you will see another kind of problem will come up *g
| So i wouldnt invest to much time in debugging a feature which is simply
| rubbish from the creators of win and makes trouble in purly win networks
| too
| Best Regards
|
|
| Tom Dickson schrieb:
|
| My users are complaining that to remove "Everyone" permissions from a
| folder's ACL they have to "Deny" all permissions. This causes a Windows
| warning to appear: "You have denied everyone access to New Folder. No
| one will be able to access New Folder and only the owner will be bale to
| change the permissions. Do you wish to continue?"
|
| This is confusing, because world permissions of --- will NOT prevent
| other groups assigned either as the default group or in the POSIX ACL
|
|>>> from working.
|
|
|
| What I'd like to see is the following improvements. If the "Everyone"
| group is removed by the Windows security editor, Samba sets world
| permissions to "---". If the Everyone group is added, then Samba
| modifies world permissions accordingly. And if the world or default
| group permissions are "---", Samba does not display them in the Windows
| ~   ACL dialog.
|
| Are there any objections why this wouldn't work? I'm tired of explaining
| that the deny button really isn't denying everybody, and why the "Domain
| Users" group cannot be removed, etc.
|
| (using 2.4.26 bestbits XFS+ACL, Samba 3.0.2a)
|
| -Tom

| .

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA9ukb2dxAfYNwANIRAprbAJ915mMGR9CpCq+kdGxYhkdnXpMRggCfZaz2
wJBFfPQU6Nn724kenwcE+2U=
=jVw1
-----END PGP SIGNATURE-----

More information about the samba mailing list