[Samba] Restricting samba subfolder acl changes to admin users

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Oct 15 05:20:46 MDT 2010


On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kandukuru at emc.com wrote:
> One final Q is: I have an admin user in NAS. For a share
> "test", he has given write access to user "user1" and
> read access for a subfolder -> "testsubdir" in share
> "test".
> When user1 logged into share "test", he could not write
> into "testsubdir". Obviously it is because he has read
> access on the folder and the most restrictive access will
> be effective.
> 
> And the problem is, since user1 has write access to the
> share, he is able to change the read access on the
> subfolder by himself. Why is Samba allowing this? Since
> effectively user1 has read access on the subfolder
> "testsubdir", it should deny ACL changes on that, right?

Who is the file owner of "testsubdir"? You can find out who
is the owner with the command "ls -ld testsubdir". If user1
is the owner, then it does not matter if user1 has only read
access. If user1 is not the owner, then we might have a bug
in Samba. Please send us your smb.conf configuration file
and a debug level 10 log of the smbd allowing this
operation.

Thanks in advance,

Volker Lendecke
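
Added example, not part of the original message and not Samba code: a shell sketch of the ownership check from the reply above, extended to list every directory under a share root that the admin account does not own, plus a scratch-directory demonstration that an owner limited to read access can still change the mode. The function names and the scratch paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example: function names and scratch paths are assumptions.

# Print the owning user of a path, read from the third field of "ls -ld".
owner_of() {
    ls -ld -- "$1" | awk '{print $3}'
}

# List directories under a share root whose owner is NOT the given admin
# account. Each hit is a directory whose owner can rewrite its permissions
# or ACL, whatever access the ACL itself grants that owner.
dirs_not_owned_by() {
    find "$1" -type d ! -user "$2" -print
}

# Show the underlying rule on a scratch directory: the owner is reduced to
# read-only, then restores write access without any extra privilege.
owner_can_restore_write() {
    d=$(mktemp -d) || return 2
    mkdir "$d/testsubdir"
    chmod 0555 "$d/testsubdir"          # owner now has r-x only
    chmod 0755 "$d/testsubdir"; rc=$?   # the owner may still change the mode
    rm -rf "$d"
    return "$rc"
}
```

Running `dirs_not_owned_by` against the share path with the admin account name gives the directories to re-own (for example with `chown`) if only the admin should be able to change their permissions.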

