[Samba] windows acls
Peter Carlson
peter at howudodat.com
Tue Dec 13 18:19:53 UTC 2022
I am seeing some weird problems with windows acls
At the share (public for all users) I have:
* root (Unix User\root) : Full control
* root (Unix Group\root) : Full control
* Everyone : Full Control
* CREATOR OWNER : Full Control
* CREATOR GROUP : Read & execute
* Everyone : Read & execute
* Domain Users : Full Control
Inheritance is disabled (button in Computer Management\System
Tools\Shared Folders\Shares shows "Enable Inheritance")
When I look at one of the folders in the share (mounted at P:\) I see:
* S-1-5-21-185628584-2620904409-2800336372-1105 : Full Control :
Inherited From P:\ : This folder only
* CREATOR OWNER : Full Control : Inherited From P:\ : Subfolders and
files only
* Domain Admins : Read & execute : Inherited From P:\ : This folder only
* CREATOR GROUP : Read & execute : Inherited From P:\ : Subfolders and
files Only
* Everyone : Read & execute : Inherited From P:\ : This folder,
subfolders and files
* Domain Users : Full control : Inherited From P:\ : This folder,
subfolders and files
1) S-1-5-21-185628584-2620904409-2800336372-1105 - Should I delete
this? it seems to be a broken permission from a previous config?
2) If inheritance is disabled, why do the folders in the share show
inherited from P:\ ?
3) I am a member of Domain Users and Domain Admins. I can see files in
P:\ but I cant overwrite them or delete them. It seems to be using the
permissions of Domain Admins R+X and not Domain Users Full Control. yes
I know the permissions seem backwards, which is another issue, however
shouldn't it allow me write access since I am also a member of Domain
Users ?
Thanks! Peter
More information about the samba
mailing list