[Samba] Restricting samba subfolder acl changes to admin users
jra at samba.org
Mon Oct 25 16:16:26 MDT 2010
On Mon, Oct 18, 2010 at 12:12:55AM -0400, suresh.kandukuru at emc.com wrote:
> Thanks Jeremy and Volker. Clarified some of points.still little bit confusion for me.
> so, in summary if a user can change ACL, if he has write acess on the share and the ownership on subfolders / files inside it.
> here is is my test.
> 1) created share "test" , given write access to it for "admin", "user1" users.
> 2) connected to share with admin user and created sub folder "test_subfldr" in it. and given read access to user1 user
> output of getfacl
> root at storage:/mnt/soho_storage/samba/shares/SP0/test# getfacl test_subfldr/
> # file: test_subfldr/
> # owner: admin
> # group: users
> root at storage:/mnt/soho_storage/samba/shares/SP0/test#
> 4) connected to test share with user1 , could not write into test_subfldr. and user1 has changed acl settings on test_subfldr to write access .
> why samba is allowing this? Though user1 has write access to share , he is not the owner of test_subfldr/.(admin is the owner for this) . user1 effectivly has read access on the test_subfldr.
> attached smb.conf for your reference.
Ok, started to look at this. Thanks for your
What are the getfacl permissions on the folder:
I need to see the output from:
and also please send me (privately if you wish)
a debug level 10 log from smbd when user1 connects
to the test share and changes the acl setting
More information about the samba