gd at samba.org
Thu Aug 26 09:02:13 GMT 2004
looking at the current way of how share-access is beeing evaluated, I wonder
what samba's policy is in regard to what takes precedence when grating
share-access? smb.conf options or security descriptors? (I couldn't find that
clearly mentioned in the code).
Wouldn't it make sense to allow smb.conf options (e.g. write list=root) to
override *any* security descriptor in share_info.tdb? Given the fact that
admins can change the smb.conf more easily than changing share-acls with srvmgr
or other related tools.
In my particular case the print$-share (migrated from NT to samba) has a
security descriptor that contains a S-1-1-0 ALLOW READ_ACCESS (among some other
ACEs) but root can not rw-access that share (with write list = root in
What do yo think?
Guenther Deschner, SerNet Service Network GmbH
Phone: +49-(0)551-370000-0, Fax: +49-(0)551-370000-9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20040826/4283a8b6/attachment.bin
More information about the samba-technical