[Samba] zfsacl problem with share permissions set from Computer Management

Andrew Walker walker.aj325 at gmail.com
Fri Aug 11 15:41:48 UTC 2017


On Fri, Aug 11, 2017 at 9:27 AM, Joe Frank via samba <samba at lists.samba.org>
wrote:
>
>
> It appears that when a user has SeDiskOperatorPrivilege​ they always
> have full access regardless of the share permissions. When I attempt access
> using credentials without SeDiskOperatorPrivilege, the share permissions
> block access.


Great! I'm glad you figured it out!

If you think about it another way, this is a way to keep admins from
locking themselves out of shares. By the way, there is a similar
anti-foot-shooting mechanism with ZFS ACLs. The owner of a file will always
be able to change the permissions of the file. I.e., if you run the command
"setfacl -m everyone@:C::deny foo", the owner of "foo" can still edit ACL
for "foo".


More information about the samba mailing list