[Samba] Windows ACL clarification for Roaming Profiles share

L A Walsh samba at tlinx.org
Mon Feb 20 04:54:20 UTC 2017

Marc Muehlfeld via samba wrote:
> That's why it is not necessary to add SYSTEM to the file system ACLs 
> on a Samba share: SYSTEM is just an account that exists _locally_ and 
> is not used when connecting to network resources.
    if the share is hosting a roaming profile -- what user updates
the profile and what user updates the registry on the remote-roaming 
Is it SYSTEM or the user?

    2nd Q: if you use offline files to allow modifying local content even
though a server is down -- what USER is used to push those changes to the
remote system, or merge remote changes to a local user profile?  (I think
it may be SYSTEM, but can't say for sure).

    There may be some other cases where SYSTEM is used to do I/O --
if you defrag your disk,  you'll see a SYSTEM process showing as
the I/O initiator.  Some shadow copy stuff and backup stuff might need
SYSTEM to perform the I/O... (again, not sure, but...)

    If everything works in your setup...great!  just be aware
MS makes changes w/o telling users so SYSTEM might be used for something
else tomorrow.  I hear you when you say nothing is justifying it.
So... go ahead, ask MS to justify something and let us know how that
goes... ;-)  MS doesn't listen to users these days, or haven't you noticed?



More information about the samba mailing list