[Samba] Settings ACL question
sr42354 at gmail.com
Thu Sep 1 12:11:35 UTC 2016
Thanks Mathias, I'm going to test that
Le 31/08/2016 à 19:08, mathias dufresne a écrit :
> Read wasn't the question. Question was about removing children but not
> the parent.
> parent-folder -> not removable
> |_ Children1 ->
> |_ Children2 -> both removable
> I don't know how Samba deal with that, but that's not the point for
> now. For now you have to understand NTFS permissions a little bit (I
> have not the knowledge to write something like a lesson about NTFS
> So all the following must be done on Windows, on loacl file system, a
> NTFS file system, not through Samba for now.
> - Create a folder anywhere, called "parent".
> - Right click -> properties -> security tab -> advanced
> - In advanced pop-up you get a button "change permissions", click on it
> - Here you should get an error message because there no ACL on this
> object, they are inherited from parent. To change them you have to
> suppress inheritance and copy ACL on the object and children (for
> children you can chose to make them inherit from parent)
> - If there still is a button "change permissions", click on it
> - now you are facing a pop-up titled "Advanced Security Settings for
> <object name>
> - chose one ACE, click on Edit button
> - you get a new pop-up called "Permissions Entry for <object name>".
> This pop-up contains a first box titled "Name:", a dropdown menu
> titled "Apply to: " and a big box with Permissions, Allow, Deny.
> - in the dropdown menu you can chose between different options:
> "This folder only"
> "This folder, subfolders and files"
> "This folder and subfolders""This folder and files""Subfolders and
> files only"
> "Subfolders only"
> "Files only"
> So you can apply different ACEs starting from same object which will
> apply on the object, the object and its content, content only, as
> describe previously.
> "This folder only" -> chose something to not allow removal
> "Subfolders and files only" -> chose full control
> Now you can test, you should be able to remove the folder on which you
> set up the refusal of removal.
> Hoping it's more clear.
> Now you can do that on NTFS, try the same through Samba.
> 2016-08-31 17:29 GMT+02:00 mathias dufresne <infractory at gmail.com
> <mailto:infractory at gmail.com>>:
> Hard day, sorry. I'll try to read that this evening, but can't
> promise anything..
> 2016-08-31 14:12 GMT+02:00 Sam <sr42354 at gmail.com
> <mailto:sr42354 at gmail.com>>:
> Ok so If I well understand the concept, ACL should be
> apply-able _on_ the object himself only from the parent object?
> For instance :
> if I want read attribute on a directory I have to set it on
> the parent directory.
> And if I want read attribute inside a directory, I can set it
> on the directory.
> Hope this instance is clear to understand...
> Thanks for confirm me that. ;)
> Le 30/08/2016 à 16:38, mathias dufresne a écrit :
>> ACL should be apply-able on the object, the object and its
>> children or on children only.
>> Apply full control ACL for children only and for the folder
>> itself MS should have something to allow content modification
>> 2016-08-30 16:16 GMT+02:00 Sam via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>>:
>> Hello all,
>> I try to set full control permission to a "Boss"
>> directory for one group and in the same time I want to
>> prevent this group to erase this top directory.
>> Is it possible to do that with different permission in
>> the Boss parent directory?
>> Here is a small draw for explain :
>> For the moment I can't prevent a user member of Boss
>> group to delete Boss directory...
>> Thanks for helping
>> To unsubscribe from this list go to the following URL and
>> read the
More information about the samba