[Samba] Security issue

Jay Ts jay at jayts.cx
Wed Oct 23 12:43:01 GMT 2002

Bart wrote:
> 	My question is probable more a windows 2000 issue, but since my
> experience is that linux-related mailinglists result in more usable
> information, I give his a try.

That's correct, and maybe you should get a copy of Microsoft's Windows
2000 Resource Kit rather than asking Windows-related questions here.
(Since you are using Windows 2000 as a workstation, the Professional
version of the RK should do it, and you probably don't need the
Server RK.)

> 	Does anybodyy know how the access control in shared win2000
> folders works? I assumed that if you put it on the network with a share,
> and you would give access rights to the share, this would be sufficient.

No. The way to do it is to configure access rights using ACLs, and then
share the folder allowing full control.  Or at least, that's the way
Microsoft recommends.

Another method would be to set the ACLs to allow full control, then
set the share permissions, but this is not as fine-grained. (The share
permissions apply to all files and directories in the share, whereas
ACLs can be set individually.)

In either case, be aware that there are two levels of checking: one
at the filesystem level, and another at the sharing level.  Samba also
works like that, since you can set permissions on individual files,
and also set parameters such as 'read only' and 'valid users' in
share definitions in the smb.conf file.

Jay Ts
author, Using Samba, 2nd edition

More information about the samba mailing list