Security-level permission not working as expected on samba3.5.15

sandeep nag sandeepnagamalli at gmail.com
Tue May 27 09:08:08 MDT 2014 

Samba3.5.15  is working as expected with windows 2003 client, It looks like
samba3.5.15 has given acl support only for windows 2003 api.Probably the
later versions of samba will support windows 2008.

Thanks,
Sandeep.


On Tue, May 27, 2014 at 7:05 AM, Richard Sharpe <realrichardsharpe at gmail.com
> wrote:

> On Mon, May 26, 2014 at 6:07 PM, sandeep nag <sandeepnagamalli at gmail.com>
> wrote:
> > This is experimented on Windows server 2008 R2 Enterprise:
> > I created a directory C:\share-dir , then given read-only share-level
> > permissions to testad\sekhar1 user. Now, when I do icacls below is the
> > output.
> >
> > C:\Users\administrator.TESTAD>icacls C:\share-dir
> > C:\share-dir TESTAD\administrator:(OI)(CI)(F)
> >              BUILTIN\Administrators:(OI)(CI)(F)
> >              TESTAD\sekhar1:(OI)(CI)(RX)
> >              NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> >              BUILTIN\Administrators:(OI)(CI)(F)
> >
> > Successfully processed 1 files; Failed processing 0 files
> >
> > After that, I have changed the share-level permission on C:\share-dir to
> > read&write to sekhar1 and then, when I do icacls, below is the output.
> >
> > C:\Users\administrator.TESTAD>icacls C:\share-dir
> > C:\share-dir TESTAD\administrator:(OI)(CI)(F)
> >              BUILTIN\Administrators:(OI)(CI)(F)
> >              NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> >              TESTAD\sekhar1:(OI)(CI)(F)
> >
> > Successfully processed 1 files; Failed processing 0 files
>
> This is useful info. I too noticed that W2K8 seems to change the
> underlying ACL, but I suspect that it only deletes ACEs that match the
> share-level ACL.
>
> > @Richard: 1.Would you like me to perform any other test-case?
> >                 2.Also please tell me, what all requirements to be
> answered
> > to upgrade our samba source to higher versions, such that I can get
> >                     a 'go' from my team. Like set of tests to be passed
> etc.
> > Such that I will do them and upgrade the samba.
>
> As far as I am aware, no version of Samba works by applying ACLs to
> the underlying directory of a share when you set Share-level
> permissions.
>
> Moreover, the approach that Samba uses should provide the same behavior.
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)
>

More information about the samba-technical mailing list