[Samba] Restricting samba subfolder acl changes to admin users
Volker.Lendecke at SerNet.DE
Thu Oct 14 02:54:31 MDT 2010
On Thu, Oct 14, 2010 at 02:36:09AM -0400, suresh.kandukuru at emc.com wrote:
> Thanks for quick reponse.is there any way restrict to
> this .like instead of allowing all who has write access
> on the share , to change subfolder acls in it. can we
> allow only admin users in NAS and ad AD administrator in
> windows to do this?.
> any workaround?.
Not without code changes in Samba. But as far as I know,
this problem will even happen with full NTFS acls. I think
NTFS grants the owner of a file implicit WRITE_DAC
permission, so the owner of a file or directory will always
be able to change the ACL.
More information about the samba