[Samba] Can Windows Domain admin grant "write" access WITHOUT "full
control"?
smc+samba at dogphilosophy.net
smc+samba at dogphilosophy.net
Mon Mar 7 04:05:22 GMT 2005
Setting up the initial connection to ADS was so easy...but now I'm stuck.
I'm trying to show off how seamlessly Samba integrates into an existing
Windows "Active Directory" domain, but permissions issues are making this
look much more complicated than it ought to be.
I'm trying to get file shares on a Samba 3.0.9 (Suse 9.2 pro) server to behave
exactly like a W2K server (or at least, close enough to "exactly like" that
the Windows guy doesn't have any trouble administering the shares on the box.)
I got the share to propagate the access control lists and permissions like he
wanted with "inherit permissions" and "inherit acls" (I also have "map acl
inherit" and "store dos attributes" set.)
It seems like, from the Windows share, he can't give any kind of write access
without having permissions revert to "full control". Is there any way around
this, or does write access in Samba always come with e.g. ability to take
ownership, change permissions, etc.?
I can't seem to find too much online so far about how the Windows model for
permissions/access control lists compares to the *nix one used by Samba/Linux
(with ACL and extended attribute support apparently working). Any pointers
to that kind of information would also be very helpful to me right now,
before they give up and go blow our budget on licensing another slow "Windows
Server 2003" and a pile of "Client Access Licenses"...
Thanks
More information about the samba
mailing list