[Samba] Restricting samba subfolder acl changes to admin users

suresh.kandukuru at emc.com suresh.kandukuru at emc.com
Wed Oct 13 22:54:59 MDT 2010

Dear samba team,
  What I noticed from the below example is , any user who has write access to share are able to change sub folder acls in it.  we don't want that. how to restrict this to only admin users in NAS and  to AD administrator in windows. ?.

Please help .


1)      Import user from W2K3 R2 Server and set up a secure share.  User has Read/Write access.

2)      Create sub-folder and set Read .

3)      Log in as user on Windows 7 workstation using AD users credentials.

4)      Map to share and write files to share - OK as expected.

5)      Change directory to sub-folder and write files to sub-folder - write denied as expected.

6)      As AD user right click on sub-folder and enter properties, security.  Attempt to change R/O rights.  Successfully changed - Not expected behavior, only Administrator of NAS, Administrator of AD or member of AD Admin group should be able to change rights on secure sub-folders.



More information about the samba mailing list