Security-level permission not working as expected on samba3.5.15

Richard Sharpe realrichardsharpe at gmail.com
Mon May 26 19:35:32 MDT 2014


On Mon, May 26, 2014 at 6:07 PM, sandeep nag <sandeepnagamalli at gmail.com> wrote:
> This was tested on Windows Server 2008 R2 Enterprise:
> I created a directory C:\share-dir, then gave read-only share-level
> permissions to the testad\sekhar1 user. Now, when I do icacls, below is the
> output.
>
> C:\Users\administrator.TESTAD>icacls C:\share-dir
> C:\share-dir TESTAD\administrator:(OI)(CI)(F)
>              BUILTIN\Administrators:(OI)(CI)(F)
>              TESTAD\sekhar1:(OI)(CI)(RX)
>              NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>              BUILTIN\Administrators:(OI)(CI)(F)
>
> Successfully processed 1 files; Failed processing 0 files
>
> After that, I changed the share-level permission on C:\share-dir to
> read & write for sekhar1, and then, when I do icacls, below is the output.
>
> C:\Users\administrator.TESTAD>icacls C:\share-dir
> C:\share-dir TESTAD\administrator:(OI)(CI)(F)
>              BUILTIN\Administrators:(OI)(CI)(F)
>              NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>              TESTAD\sekhar1:(OI)(CI)(F)
>
> Successfully processed 1 files; Failed processing 0 files

This is useful info. I too noticed that W2K8 seems to change the
underlying ACL, but I suspect that it only deletes ACEs that match the
share-level ACL.

> @Richard: 1. Would you like me to perform any other test case?
> 2. Also, please tell me what requirements need to be met to upgrade
> our Samba source to a higher version, so that I can get a 'go' from my
> team, like a set of tests to be passed etc., so that I can do them and
> upgrade Samba.

As far as I am aware, no version of Samba works by applying ACLs to
the underlying directory of a share when you set Share-level
permissions.

Moreover, the approach that Samba uses should provide the same behavior.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
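
The comparison discussed in this thread can be made mechanical. The following is an added example, not code from either poster or from Samba: it parses the two icacls listings quoted above and reports which trustees' ACEs changed and which ACEs are repeated. The function names are hypothetical, and it assumes the last parenthesised group of each entry is the rights mask and the preceding groups are inheritance flags.

```python
import re
from collections import Counter

# The two icacls listings quoted in the thread (blank lines dropped).
BEFORE = r"""C:\share-dir TESTAD\administrator:(OI)(CI)(F)
             BUILTIN\Administrators:(OI)(CI)(F)
             TESTAD\sekhar1:(OI)(CI)(RX)
             NT AUTHORITY\SYSTEM:(OI)(CI)(F)
             BUILTIN\Administrators:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
"""
AFTER = r"""C:\share-dir TESTAD\administrator:(OI)(CI)(F)
             BUILTIN\Administrators:(OI)(CI)(F)
             NT AUTHORITY\SYSTEM:(OI)(CI)(F)
             TESTAD\sekhar1:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
"""
# "TRUSTEE:(flag)(flag)...(rights)"; assumed: the last group is the rights mask.
ACE_RE = re.compile(r"^(?P<trustee>.+?):(?P<groups>(?:\([^()]+\))+)$")
PATH = r"C:\share-dir"

def parse_icacls(text, path):
    """Return [(trustee, inheritance_flags, rights), ...] for one object."""
    aces = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith(path):      # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if m is None:                  # summary line, not an ACE
            continue
        groups = re.findall(r"\(([^()]+)\)", m["groups"])
        aces.append((m["trustee"], tuple(groups[:-1]), groups[-1]))
    return aces

def diff_acl(before, after):
    """Report trustees added, removed or changed, plus repeated ACEs."""
    old, new = {}, {}
    for acl, grouped in ((before, old), (after, new)):
        for trustee, inherit, rights in acl:
            grouped.setdefault(trustee, set()).add((inherit, rights))
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": {t: (sorted(old[t]), sorted(new[t]))
                    for t in old.keys() & new.keys() if old[t] != new[t]},
        "duplicates_before": sorted(a for a, n in Counter(before).items() if n > 1),
    }

if __name__ == "__main__":
    print(diff_acl(parse_icacls(BEFORE, PATH), parse_icacls(AFTER, PATH)))
```

On the listings above, the only changed trustee is TESTAD\sekhar1 (RX to F), and the first listing carries a repeated BUILTIN\Administrators entry that is absent from the second.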

