[Samba] Restrict permission changes
Eric Diven
eric.diven at edsiohio.com
Mon Jun 16 14:58:18 GMT 2008
Hmmm. I don't know if there's a way to do this in smb.conf. Maybe somebody else knows. Failing that, if it's appropriate to your environtment, you can have a unix user own the files (who never logs on as a windows user) and set the inherit owner option in the smb.conf file. That's a lousy solution if you actually need to have people owning their own files though. Is it even possible to do this under Windows natively?
I completely understand why you want to do this, Windows ACLs vs Unix ACLs and perms quickly get nasty.
If you're on a filesystem that supports NFS v4 ACLs (rare enough, I know), could you remove WRITE_DACL permission from the owner's ACE?
~Eric
-----Original Message-----
From: Jan Patrick Lübbert [mailto:mailinglist at jpluebbert.de]
Sent: Monday, June 16, 2008 10:49 AM
To: Eric Diven
Subject: Re: [Samba] Restrict permission changes
No, both of them off. Only the owner can change permissions, that's right, but I want to restrict it so nobody is able to change them.
Jan
> -----Original Message-----
> Do you have acl group control = yes or dos filemode = yes in your smb.conf?
> By default only the owner of the files should be able to change permissions. Either of these affect that.
> ~Eric
> -----Original Message-----
> From: samba-bounces+eric.diven=edsiohio.com at lists.samba.org
> [mailto:samba-bounces+eric.diven=edsiohio.com at lists.samba.org] On
> Behalf Of Jan Patrick Lübbert
> Sent: Monday, June 16, 2008 9:33 AM
> To: samba at lists.samba.org
> Subject: [Samba] Restrict permission changes
> Hello,
> I've a share with preset permissions on different directories including acls.
> So in one folder for example users can only read and into other read and write.
> Everything works fine. The Problem is if one user decides to change
> the permission of a file or directory (via Windows) the acls and permissions get are messed up.
> How can I restrict users from changing permission on a share? I tried
> "security mode" and "force security mode", but the acls alsways get deleted.
> Thanks
> Jan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
Mit freundlichen Grüssen
Jan Patrick Lübbert mailto:mailinglist at jpluebbert.de
More information about the samba
mailing list