[Samba] acl resource
Noel Kelly
nkelly at citrusnetworks.net
Wed Oct 30 19:38:00 GMT 2002
Norman,
I find it is easiest to set them up using setfacl initially.
Then, assuming you have compiled Samba with the --with-acl-support flag, you
should be able to manipulate them using the Windows/Properties/Permissions
dialogue IF (here is a gotcha) you are the owner of the file/directory or
root. If you are not the owner (and not root) then you will not be able to
change them.
Also, you cannot remove the three basic Unix perms of user:group:owner from
Windows. Try it.
I found it is best to use setfacl to set the default ACLs on directories to
ensure they are properly propagated below.
As an administrator you might also appreciate a special admin only top-level
share which uses the 'force user=root' parameter. Dangerous as it sounds,
it will allow you to do what you like to ACLs from within Windoze.
If you use the 'valid users=' parameter and other such Samba security
parameters then you are effectively introducing a second tier of security
which might be unnecessary and cause administrative overhead. Personally, I
have stopped using ACLs as the Samba security gives a simpler and cleaner
way to set people's access and their is no equivalent in Windoze to NDS'
excellent overview windows of all the ACLs acting on a particular file/dir.
But circumstances dictate such things...
HTH
Noel
-----Original Message-----
From: Norman Zhang [mailto:nzhang at arkon-group.com]
Sent: 30 October 2002 18:16
To: samba at lists.samba.org
Subject: [Samba] acl resource
Hi,
I'm confused of where to set ACL? Do I set them in SWAT under Security
Options (using Valid Users, Force Group, ..., etc.)? Or do I need to
hardcoded them with setfacl? Or set them in NT client? Please direct me to
the references? I already have xfs, acl, attr, compiled in.
Regards,
Norman
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
More information about the samba
mailing list