[Samba] I see "everyone permission" at windows security even i didn't add.

Rowland Penny rpenny at samba.org
Thu Nov 30 13:13:38 UTC 2017 

On Thu, 30 Nov 2017 14:09:44 +0200
Özkan Göksu via samba <samba at lists.samba.org> wrote:

> I created a share with the config I gave below. As you can see in
> pictures I have two Everyone at "Permission" and one Everyone at
> "Share" section. These permissions comes when i create a share.. One
> of them is definitely related to samba because it is in the "share"
> section, but I guess the other two permits are comes with "posix acl".
> 
> But i did not add everyone permission to my share? I did "setfacl
> other:---" and "public = no" Where these permissions are come from?
> 
> I know "everyone" permissions are harmless but still I don't want to
> see them. Do you know a way to delete these permissions when you
> create a samba share?
> 
> getfacl iotest/
> # file: iotest/
> # owner: root
> # group: root
> user::rwx
> user:8008:rwx
> group::---
> mask::rwx
> other::---
> 
> ------------------------------
> 
> [iotest]
>     comment = iotest ACL Test
>     path = /ozkaniotest/iotest
>     valid users = "test.local\test"
>     admin users = "test.local\test"
>     write list = "test.local\test"
>     public = no
>     read only = yes
>     inherit permissions = yes
>     inherit acls = yes
> 
> BTW: I use ZFS as filesystem and my zfs parameters are:
> 
> 
>    - aclytpe=posixacl
>    - xattr= sa
> 
> *Yes, pictures are not in English but this is just Windows Security->
> Permission tab.. And attrb's are not important.*
> 
> [image: https://i.imgur.com/F0G0G6V.png]
> <https://i.stack.imgur.com/plLMP.png>[image: enter image description
> here] <https://i.stack.imgur.com/7CYib.png>

Yes, I do know of a way to remove the entry, go to windows and remove
ALL the entries, go to Unix and set Unix permissions on the directory
and files, never look at or change the permissions from windows ever
again.

OR, to put it another way, either use posix ACLs or Windows ACLs, not
both as you are trying to do now.

Change the share to this:

[iotest]
    comment = iotest ACL Test
    path = /ozkaniotest/iotest
    read only = No

and set the permissions from Windows

Or carry on as you are doing now and IGNORE the share tabs on windows.

Rowland

More information about the samba mailing list