[Samba] Samba Posix ACL and classical files permissions
k3rmit at libero.it
Wed Jan 4 16:46:34 GMT 2006
Thank you very much.
I think though that this is very misleading for the casual windows user
and the behavior should be as much as possible pertinent or understandable.
My 2 cents.
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Albe wrote:
>> For example, this is the getfacl under linux:
>> # file: Operators
>> # owner: albe
>> # group: Domain\040Admins
>> If i look at the security properties under windows only
>> the entries directly indicated explicitly in the acl is correctly
>> shown, so in this case user "alessandroc" and group "SwDevelopers".
>> The others are empty. If i open the advanced panel, it shows me
>> user "albe" entry twice, one for the classical posix permissions
>> and one for the acl permission. Anyway, under this panel all
>> permissions are correctly shown.
>> Is this an expected behavior or is there something wrong
>> in my samba installation or configuration file?
> This is expected behavior. The key thing to understand is that
> the Windows security GUI only shows permissions in the first tab
> if the ACE applies to "This folder, subfolders, & files".
> The posix ACE for a user or group is the "This folder" part and
> the default ACE for that user or group is the "subfodlers & files"
> portion. However, the default user and group ACE is the
> CREATOR OWNER/GROUP. So you need an additional 'default:user:albe:rwx'
> entry to get the "subfolders & files" for the actual owner.
> Hope this helps.
> cheers, jerry
> Alleviating the pain of Windows(tm) ------- http://www.samba.org
> Centeris ----------- http://www.centeris.com
> "There's an anonymous coward in all of us." --anonymous
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
More information about the samba