[Samba] Windows ACL clarification for Roaming Profiles share
Marc Muehlfeld
mmuehlfeld at samba.org
Sat Feb 18 13:53:34 UTC 2017
Am 18.02.2017 um 12:27 schrieb Rowland Penny via samba:
> You can 'map' SYSTEM on a domain member, couldn't seem to get it to
> work on a DC, though I didn't try hard ;-)
But mapping is applied when a user connects to a resource. Then the
connecting Samba account is mapped to a local unix account and the file
system is accessed using the Unix account's permissions. It does not
work the other way around. You can't map the "local" (built-in) SYSTEM
to a local/domain user and then "su - SYSTEM".
>> When I rewrote the "User Home Folder" page, I omitted SYSTEM in the
>> list of Windows ACLs (and of course it was never part of the POSIX
>> ACLs in this guide). However, I saw no reason to explain things that
>> I don't tell the user to set and what not necessary. If you follow
>> the guide, you get everything you need for a fully working share.
>
> I think 'SYSTEM' should be mentioned, if only to say why you don't need
> it.
I can write a short page describing what the SYSTEM account is used for
on Windows and why it does not apply to Samba on Unix. And we can link
it from the pages talking about setting Windows ACLs.
Regards,
Marc
More information about the samba
mailing list