[Samba] Posix vs. Windows File/Directory Permissions

Rowland Penny rowlandpenny at googlemail.com
Wed May 13 09:29:50 MDT 2015


On 13/05/15 16:21, Sébastien Le Ray wrote:
> Le 13/05/2015 17:11, Rowland Penny a écrit :
>> On 13/05/15 16:08, Sébastien Le Ray wrote:
>>>
>>>
>>> Le 13/05/2015 17:02, Rowland Penny a écrit :
>>>> On 13/05/15 13:38, Mike wrote:
>>>>> I want to get a better understanding of what's happening between 
>>>>> the posix
>>>>> permissions and windows permissions.
>>>>
>>>> Nothing happens between posix permissions (acls) and windows 
>>>> permissions (ACLs), they are different, see:
>>>
>>> Well… Something happens since Windows ACLs are converted to UNIX 
>>> ones when using RSAT. 
>>
>> No they aren't
>
> Yes they are, a simple getfacl will show this fact (converted is may 
> not be the right word since not all windows permissions have a 
> corresponding unix one)

If you set the acls on a Unix directory with 'chmod' and then set an ACL 
with 'setfacl', you will not change the Unix acls, that is, if the acls 
are set to '775' and you then set the ACL for a user with 'setfacl', the 
Unix acl will still read '775' or 'rwxrwxr-x' , what will change is a 
'+' sign will appear at the end of the acl.

>
>>
>>> Moreover, you'll not be able to set up inital Windows ACL is UNIX 
>>> ACLs do not allow the configuring user to do so (which is not 
>>> mentioned on the wiki)
>>>
>>
>> Do you mean this line that isn't on the wiki page I posted a link to :-)
>>
>> Log on to a Windows machine, using an account to which the 
>> „SeDiskOperatorPrivilege“ was granted, or an account in a group with 
>> the granted privilege.
>

Hmm, I will have to try this, I usually do my admin as 'Administrator', 
once I am sure what rights you do need, I will update the wiki page.

Rowland

> This isn't sufficient, try using a member of domain admins with right 
> privilege, you won't be able to change permissions if the folder isn't 
> owned by you



More information about the samba mailing list