[Samba] Settings ACL question
Sam
sr42354 at gmail.com
Thu Sep 1 12:11:35 UTC 2016
Thanks Mathias, I'm going to test that
See you!
Samuel
Le 31/08/2016 à 19:08, mathias dufresne a écrit :
> Read wasn't the question. Question was about removing children but not
> the parent.
>
> parent-folder -> not removable
> |_ Children1 ->
> |_ Children2 -> both removable
>
> I don't know how Samba deal with that, but that's not the point for
> now. For now you have to understand NTFS permissions a little bit (I
> have not the knowledge to write something like a lesson about NTFS
> permissions).
>
> So all the following must be done on Windows, on loacl file system, a
> NTFS file system, not through Samba for now.
>
> - Create a folder anywhere, called "parent".
> - Right click -> properties -> security tab -> advanced
> - In advanced pop-up you get a button "change permissions", click on it
> - Here you should get an error message because there no ACL on this
> object, they are inherited from parent. To change them you have to
> suppress inheritance and copy ACL on the object and children (for
> children you can chose to make them inherit from parent)
> - If there still is a button "change permissions", click on it
> - now you are facing a pop-up titled "Advanced Security Settings for
> <object name>
> - chose one ACE, click on Edit button
> - you get a new pop-up called "Permissions Entry for <object name>".
> This pop-up contains a first box titled "Name:", a dropdown menu
> titled "Apply to: " and a big box with Permissions, Allow, Deny.
> - in the dropdown menu you can chose between different options:
> "This folder only"
> "This folder, subfolders and files"
> "This folder and subfolders""This folder and files""Subfolders and
> files only"
> "Subfolders only"
> "Files only"
>
> So you can apply different ACEs starting from same object which will
> apply on the object, the object and its content, content only, as
> describe previously.
>
> "This folder only" -> chose something to not allow removal
> "Subfolders and files only" -> chose full control
>
> Now you can test, you should be able to remove the folder on which you
> set up the refusal of removal.
>
> Hoping it's more clear.
>
> Now you can do that on NTFS, try the same through Samba.
>
>
> 2016-08-31 17:29 GMT+02:00 mathias dufresne <infractory at gmail.com
> <mailto:infractory at gmail.com>>:
>
> Hard day, sorry. I'll try to read that this evening, but can't
> promise anything..
>
> 2016-08-31 14:12 GMT+02:00 Sam <sr42354 at gmail.com
> <mailto:sr42354 at gmail.com>>:
>
> Ok so If I well understand the concept, ACL should be
> apply-able _on_ the object himself only from the parent object?
>
> For instance :
> if I want read attribute on a directory I have to set it on
> the parent directory.
> And if I want read attribute inside a directory, I can set it
> on the directory.
>
> Hope this instance is clear to understand...
>
> Thanks for confirm me that. ;)
>
> Samuel
>
>
> Le 30/08/2016 à 16:38, mathias dufresne a écrit :
>> ACL should be apply-able on the object, the object and its
>> children or on children only.
>>
>> Apply full control ACL for children only and for the folder
>> itself MS should have something to allow content modification
>> only...
>>
>> 2016-08-30 16:16 GMT+02:00 Sam via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>>:
>>
>> Hello all,
>>
>> I try to set full control permission to a "Boss"
>> directory for one group and in the same time I want to
>> prevent this group to erase this top directory.
>>
>> Is it possible to do that with different permission in
>> the Boss parent directory?
>> Here is a small draw for explain :
>>
>> For the moment I can't prevent a user member of Boss
>> group to delete Boss directory...
>> Thanks for helping
>>
>> Sam
>>
>> --
>> To unsubscribe from this list go to the following URL and
>> read the
>> instructions:
>> https://lists.samba.org/mailman/options/samba
>> <https://lists.samba.org/mailman/options/samba>
>>
>>
>
>
>
More information about the samba
mailing list