[Samba] zfsacl problem with share permissions set from Computer Management
Andrew Walker
walker.aj325 at gmail.com
Fri Aug 11 15:41:48 UTC 2017
On Fri, Aug 11, 2017 at 9:27 AM, Joe Frank via samba <samba at lists.samba.org>
wrote:
>
>
> It appears that when a user has SeDiskOperatorPrivilege​ they always
> have full access regardless of the share permissions. When I attempt access
> using credentials without SeDiskOperatorPrivilege, the share permissions
> block access.
Great! I'm glad you figured it out!
If you think about it another way, this is a way to keep admins from
locking themselves out of shares. By the way, there is a similar
anti-foot-shooting mechanism with ZFS ACLs. The owner of a file will always
be able to change the permissions of the file. I.e., if you run the command
"setfacl -m everyone@:C::deny foo", the owner of "foo" can still edit ACL
for "foo".
More information about the samba
mailing list