Can you remove ntacls from the command line?
jra at samba.org
Fri Nov 19 15:39:30 MST 2010
On Thu, Nov 18, 2010 at 08:33:21AM -0800, allaboutmike wrote:
> I have some permissions problems and I would like to start from scratch. Is
> there a way I can remove all (windows) permissions on my folders from the
> command line? They don't seem to have any extended attributes:
> bcmain samba # getfattr -d /data/accounts
> bcmain samba #
> However Samba thinks they have plenty of acl info if I am reading this
> bcmain samba # ./bin/samba-tool acl nt get --xattr-backend=native
> file: struct xattr_NTACL
> version : 0x0001 (1)
> info : union xattr_NTACL_Info(case 1)
> sd : *
> sd: struct security_descriptor
> revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
> type : 0x8004 (32772)
> 0: SEC_DESC_OWNER_DEFAULTED
> 0: SEC_DESC_GROUP_DEFAULTED
> 1: SEC_DESC_DACL_PRESENT
> 0: SEC_DESC_DACL_DEFAULTED
> 0: SEC_DESC_SACL_PRESENT
> 0: SEC_DESC_SACL_DEFAULTED
> 0: SEC_DESC_DACL_TRUSTED
> Is there a way I can do this?
ACLS are stored in the EA security.NTACL, not in the user EA space.
I'm thinking of adding a "net getntacl /local/filename" command
that will print them out.
More information about the samba-technical