[Samba] Re: Simple Permission Issue
richard.foltyn at gmail.com
Tue Apr 21 18:25:10 GMT 2009
Joseph L. Casale wrote:
> I haven't really done a lot with file sharing in Samba and seem
> to be missing something here. I have a folder, /Share that has
> [root at host ~]# getfacl /Share /
> getfacl: Removing leading '/' from absolute path names
> # file: Share
> # owner: root
> # group: ad\040sec\040group
> It is also a mount point for a partition, so it has a lost+found that
> is set 700 root:root. The share perms are:
> comment = ...
> path = /Share
> browseable = no
> writable = no
> guest ok = no
> printable = no
> write list = @"DOMAIN+Domain Admins",@"DOMAIN+ad sec group"
> Why can users other than root manipulate the name of lost+found but
> obviously not execute it, and enter it? Same if root makes a test
> directory under /Share and sets it 700, users connected to the share
> cannot access it, but can modify its name and/or delete it?
Because on Unix (unlike Windows) these operations are controlled by the
permissions of the *parent* directory.
Since users in the "ad sec group" have rwx permissions on /Share, they are
able to create / delete / rename files and directories inside /Share.
More information about the samba