[Samba] samba acl - able to change permissions that contradict user security setting

suresh.kandukuru at emc.com
Thu Sep 9 04:07:24 MDT 2010

Thanks Smith. This explains in detail.


-----Original Message-----
From: Chris Smith [mailto:smb_77 at chrissmith.org] 
Sent: Thursday, September 09, 2010 8:19 AM
To: Kandukuru, Suresh
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba acl - able to change permissions that contradict user security setting

On Wed, Sep 8, 2010 at 10:04 PM,  <suresh.kandukuru at emc.com> wrote:
> It looks like the code is not designed like this.
> If you don't mind, can you please explain this:
> ----------
> - although you would be asking
> it to restrict the admin's rights, which wouldn't be proper behavior.
> Plus it then wouldn't work like a Windows box, which is a primary
> goal.
> ----------------

File level security and share level security are separate - you can
limit what a user can do with either one, or both. Consider one box -
with no remote file sharing, a system (file level security) is needed
to prevent unauthorized access to files and directories for local
users. Consider a box that has no idea of file level security, say
pre-Windows NT, such as Windows 95 for instance: files are shared via the
network but with an OS that has no concept of file level security
something is needed to prevent unauthorized access - share level
security. AFAIK, the systems are not integrated, work separately and
provide some backward compatibility.

As the admin has full share level RW access to the share, he/she can
surely make changes to the file level security (that is, if it's
allowed by the current file level security) but he's not changing
share level security through this, only file level; so locally the
non-admin user could (presumably) log in locally and access those
files, but still be blocked remotely by the share level permissions.
It's the way Windows works (and why Samba does also), plus I'm sure
other network sharing systems, NFS, etc. have similar attributes.

Think of it like trying to gain access to an office in a building. I
can keep you from gaining entry in two ways; one is that I prevent you
from entering the building (share level), or two, I prevent you from
entering the particular office by locking its door (file level). If I
prevent you from entering the building it doesn't matter whether or
not I lock the office door - you cannot get there. If I lock the
office door it doesn't matter if I allow you to enter the building -
either way you are effectively locked out. And just because you are
prevented, in the one case, from entering the building, there is
nothing, nor should there be, to prevent me (the admin) from unlocking
the office door, which would give you access if, and only if, you had
egress into the building - my access is not affected (I can still
unlock the office door), only yours (you still have no access unless I
allow you into the building as well).
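
The two-gate behaviour described in the reply above, as an added example that is not part of the original message and not Samba's code. It is a simplified model: the users (`admin`, `bob`, `carol`), the path and the `r`/`w` rights are constructed, and editing an ACL is assumed to need `w` through both gates.

```python
from dataclasses import dataclass, field

@dataclass
class Share:                      # share-level gate ("the building door")
    perms: dict                   # user -> rights granted at share level, e.g. {"r", "w"}

@dataclass
class FileEntry:                  # file-level gate ("the office door")
    path: str
    acl: dict = field(default_factory=dict)   # user -> rights in the file ACL

def local_access(f, user):
    """A local login never passes through the share: only the file ACL applies."""
    return set(f.acl.get(user, ()))

def remote_access(share, f, user):
    """Access over the network must pass both gates, so it is the intersection."""
    return set(share.perms.get(user, ())) & local_access(f, user)

def set_acl_over_share(share, f, actor, user, rights):
    """Actor edits the file ACL remotely. Simplification: needs 'w' through both gates."""
    if "w" not in remote_access(share, f, actor):
        raise PermissionError(f"{actor} may not change the ACL of {f.path}")
    f.acl[user] = set(rights)     # only the file level changes; share.perms is untouched

def masked_grants(share, files):
    """Audit: file-level rights that the share level blocks for remote use."""
    found = []
    for f in files:
        for user, rights in sorted(f.acl.items()):
            hidden = rights - set(share.perms.get(user, ()))
            if hidden:
                found.append((f.path, user, hidden))
    return found

def demo():
    # Constructed sample: admin has RW on the share, bob is read-only, carol has no share access.
    share = Share(perms={"admin": {"r", "w"}, "bob": {"r"}})
    report = FileEntry("/srv/data/report.txt", acl={"admin": {"r", "w"}})
    set_acl_over_share(share, report, "admin", "bob", {"r", "w"})
    set_acl_over_share(share, report, "admin", "carol", {"r"})
    return share, report

if __name__ == "__main__":
    share, report = demo()
    for user in ("admin", "bob", "carol"):
        print(user, "remote:", sorted(remote_access(share, report, user)),
              "local:", sorted(local_access(report, user)))
    print("masked:", masked_grants(share, [report]))
```

`masked_grants` lists the file-level entries that look like they contradict the share setting: they take effect for local logins, or remotely only if the share level is later widened.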
