[Samba] Restricting samba subfolder acl changes to admin users
suresh.kandukuru at emc.com
suresh.kandukuru at emc.com
Thu Oct 14 06:05:38 MDT 2010
Volker,
once again thanks for the response. I am talking about users who has write access on the share, not necessarily owners of the file/sub folders in it.
can we disallow the (some) users who has write access on the share to change subfolder ACL's in it?. I want to give this ACL change permission only to specific set of users . I think this is valid requirement in general use case.
Thanks
Suresh
-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE]
Sent: Thursday, October 14, 2010 2:25 PM
To: Kandukuru, Suresh
Cc: samba at lists.samba.org
Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users
On Thu, Oct 14, 2010 at 02:36:09AM -0400, suresh.kandukuru at emc.com wrote:
> Thanks for quick reponse.is there any way restrict to
> this .like instead of allowing all who has write access
> on the share , to change subfolder acls in it. can we
> allow only admin users in NAS and ad AD administrator in
> windows to do this?.
>
> any workaround?.
Not without code changes in Samba. But as far as I know,
this problem will even happen with full NTFS acls. I think
NTFS grants the owner of a file implicit WRITE_DAC
permission, so the owner of a file or directory will always
be able to change the ACL.
Volker
More information about the samba
mailing list