[Samba] Restrict permission changes

Eric Diven eric.diven at edsiohio.com
Mon Jun 16 14:58:18 GMT 2008 

Hmmm.  I don't know if there's a way to do this in smb.conf.  Maybe somebody else knows.  Failing that, if it's appropriate to your environtment, you can have a unix user own the files (who never logs on as a windows user) and set the inherit owner option in the smb.conf file.  That's a lousy solution if you actually need to have people owning their own files though.  Is it even possible to do this under Windows natively?

I completely understand why you want to do this, Windows ACLs vs Unix ACLs and perms quickly get nasty.

If you're on a filesystem that supports NFS v4 ACLs (rare enough, I know), could you remove WRITE_DACL permission from the owner's ACE?

~Eric  

-----Original Message-----
From: Jan Patrick Lübbert [mailto:mailinglist at jpluebbert.de] 
Sent: Monday, June 16, 2008 10:49 AM
To: Eric Diven
Subject: Re: [Samba] Restrict permission changes

No, both of them off. Only the owner can change permissions, that's right, but I want to restrict it so nobody is able to change them.

Jan

> -----Original Message-----
> Do you have acl group control = yes or dos filemode = yes in your smb.conf? 
> By default only the owner of the files should be able to change permissions.  Either of these affect that.

> ~Eric

> -----Original Message-----
> From: samba-bounces+eric.diven=edsiohio.com at lists.samba.org
> [mailto:samba-bounces+eric.diven=edsiohio.com at lists.samba.org] On 
> Behalf Of Jan Patrick Lübbert
> Sent: Monday, June 16, 2008 9:33 AM
> To: samba at lists.samba.org
> Subject: [Samba] Restrict permission changes

> Hello,

> I've a share with preset permissions on different directories including acls.
> So in one folder for example users can only read and into other read and write.
> Everything works fine. The Problem is if one user decides to change 
> the permission of a file or directory (via Windows) the acls and permissions get are messed up.

> How can I restrict users from changing permission on a share? I tried 
> "security mode" and "force security mode", but the acls alsways get deleted.

> Thanks

> Jan

> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba



--
Mit freundlichen Grüssen
Jan Patrick Lübbert                            mailto:mailinglist at jpluebbert.de

More information about the samba mailing list