[Samba] Windows ACL clarification for Roaming Profiles share
L A Walsh
samba at tlinx.org
Mon Feb 20 04:54:20 UTC 2017
Marc Muehlfeld via samba wrote:
>
> That's why it is not necessary to add SYSTEM to the file system ACLs
> on a Samba share: SYSTEM is just an account that exists _locally_ and
> is not used when connecting to network resources.
====
if the share is hosting a roaming profile -- what user updates
the profile and what user updates the registry on the remote-roaming
profile?
Is it SYSTEM or the user?
2nd Q: if you use offline files to allow modifying local content even
though a server is down -- what USER is used to push those changes to the
remote system, or merge remote changes to a local user profile? (I think
it may be SYSTEM, but can't say for sure).
There may be some other cases where SYSTEM is used to do I/O --
if you defrag your disk, you'll see a SYSTEM process showing as
the I/O initiator. Some shadow copy stuff and backup stuff might need
SYSTEM to perform the I/O... (again, not sure, but...)
If everything works in your setup...great! just be aware
MS makes changes w/o telling users so SYSTEM might be used for something
else tomorrow. I hear you when you say nothing is justifying it.
So... go ahead, ask MS to justify something and let us know how that
goes... ;-) MS doesn't listen to users these days, or haven't you noticed?
-l
More information about the samba
mailing list