[Samba] Restricting samba subfolder acl changes to admin users

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Oct 14 02:54:31 MDT 2010


On Thu, Oct 14, 2010 at 02:36:09AM -0400, suresh.kandukuru at emc.com wrote:
>   Thanks for quick reponse.is there any way restrict to
>   this .like instead of allowing all  who has write access
>   on the share , to change subfolder acls in it. can we
>   allow only admin users in NAS and ad AD administrator in
>   windows to do this?.
> 
> any workaround?.

Not without code changes in Samba. But as far as I know,
this problem will even happen with full NTFS acls. I think
NTFS grants the owner of a file implicit WRITE_DAC
permission, so the owner of a file or directory will always
be able to change the ACL.

Volker


More information about the samba mailing list