[Samba] Restricting samba subfolder acl changes to admin users

suresh.kandukuru at emc.com suresh.kandukuru at emc.com
Fri Oct 15 00:07:55 MDT 2010 

Thanks Volker. Adding Jeremy, as my manager told me that let samba team know that I am part of EMC lifeline team .. and some of team members discussed with Jeremy  regarding some other samba problems.


Volker ,  if you don't mind can you elaborate this , if we make share offline , how the setting of acls goes through the samba source code.?
 ----
However, I think this might cause quite a few problems. For
example, if you make such a share available offline,
disallowing setting of ACLs will cause severe problems when
clients synchronize their data. Moreover, some applications
like for example Microsoft Excel explicitly set the ACL when
saving files. You need to check if disallowing this does not
cause you trouble.
-------------

Thanks
Suresh

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Volker Lendecke
Sent: Thursday, October 14, 2010 5:43 PM
To: Kandukuru, Suresh
Cc: samba at lists.samba.org
Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users

On Thu, Oct 14, 2010 at 08:05:38AM -0400, suresh.kandukuru at emc.com wrote:
> I am talking about users who has write access  on the
> share, not necessarily owners of the file/sub folders in
> it.  can we disallow the (some) users who has write access
> on the share to change subfolder ACL's in it?. I want to
> give this ACL change permission only to specific set of
> users .  I think this is valid requirement in general use
> case.

Yes, I think this might be a valid use case, although Samba
does not right now do this. It would require a patch to add
this capability along the lines of "valid users" etc.

However, I think this might cause quite a few problems. For
example, if you make such a share available offline,
disallowing setting of ACLs will cause severe problems when
clients synchronize their data. Moreover, some applications
like for example Microsoft Excel explicitly set the ACL when
saving files. You need to check if disallowing this does not
cause you trouble.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list