[Samba] Re: Simple Permission Issue

Richard Foltyn richard.foltyn at gmail.com
Tue Apr 21 18:25:10 GMT 2009


Joseph L. Casale wrote:

> I haven't really done a lot with file sharing in Samba and seem
> to be missing something here. I have a folder, /Share that has
> 
> [root at host ~]# getfacl /Share /
> getfacl: Removing leading '/' from absolute path names
> # file: Share
> # owner: root
> # group: ad\040sec\040group
> user::rwx
> group::rwx
> other::---
> 
> It is also a mount point for a partition, so it has a lost+found that
> is set 700 root:root. The share perms are:
> 
> [Share]
>         comment = ...
>         path = /Share
>         browseable = no
>         writable = no
>         guest ok = no
>         printable = no
>         write list = @"DOMAIN+Domain Admins",@"DOMAIN+ad sec group"
> 
> Why can users other than root manipulate the name of lost+found but
> obviously not execute it, and enter it? Same if root makes a test
> directory under /Share and sets it 700, users connected to the share
> cannot access it, but can modify its name and/or delete it?
> 
> Thanks!
> jlc

Because on Unix (unlike Windows) these operations are controlled by the
permissions of the *parent* directory.

Since users in the "ad sec group" have rwx permissions on /Share, they are
able to create / delete / rename files and directories inside /Share.
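
The rule described in the reply above, as an added example that is not part of the original thread. It assumes a Linux host and a non-root user, and it uses a scratch directory from `mktemp` in place of `/Share`; the `probe` function and the `locked`/`renamed` names are made up for the illustration.

```shell
#!/bin/sh
# Constructed demo of the rule in the reply above. It works in a throwaway
# mktemp directory (not the real /Share) and must run as a non-root user,
# because root bypasses these permission checks.

# probe PARENT_MODE
#   Creates parent/locked, removes every permission bit from "locked" (so the
#   caller is in the position of a share user facing a 700 root:root
#   directory), sets the parent to PARENT_MODE, then tries to enter and to
#   rename "locked". Prints: enter=<ok|denied> rename=<ok|denied>
probe() {
    parent=$(mktemp -d) || return 1
    mkdir "$parent/locked"
    chmod 000 "$parent/locked"
    chmod "$1" "$parent"

    # Entering is governed by the directory's own mode.
    if (cd "$parent/locked") 2>/dev/null; then enter=ok; else enter=denied; fi

    # Renaming edits the parent's entry list, so only the parent's mode matters.
    if mv "$parent/locked" "$parent/renamed" 2>/dev/null; then
        rename=ok
    else
        rename=denied
    fi

    # Restore access so the scratch tree can be removed.
    chmod 700 "$parent" && chmod 700 "$parent"/* && rm -rf "$parent"
    echo "enter=$enter rename=$rename"
}

echo "parent 770 (like /Share for the group): $(probe 770)"
echo "parent 550 (write bit removed):         $(probe 550)"
```

Setting the sticky bit on the parent (`chmod +t`) restricts rename and delete of an entry to the entry's owner, the parent's owner, or root.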


