[Samba] Restricting samba subfolder acl changes to admin users
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Oct 14 06:13:13 MDT 2010
On Thu, Oct 14, 2010 at 08:05:38AM -0400, suresh.kandukuru at emc.com wrote:
> I am talking about users who has write access on the
> share, not necessarily owners of the file/sub folders in
> it. can we disallow the (some) users who has write access
> on the share to change subfolder ACL's in it?. I want to
> give this ACL change permission only to specific set of
> users . I think this is valid requirement in general use
> case.
Yes, I think this might be a valid use case, although Samba
does not right now do this. It would require a patch to add
this capability along the lines of "valid users" etc.
However, I think this might cause quite a few problems. For
example, if you make such a share available offline,
disallowing setting of ACLs will cause severe problems when
clients synchronize their data. Moreover, some applications
like for example Microsoft Excel explicitly set the ACL when
saving files. You need to check if disallowing this does not
cause you trouble.
Volker
More information about the samba
mailing list