[Samba] cannot set share permissions

Waishon waishon009 at gmail.com
Thu Apr 26 16:04:07 UTC 2018


Hi Rowland,

oh that was my fault :)

So "valid users" doesn't have any impact on a Samba share when using Windows ACLs and only works for POSIX ACLs? Didn't know that :)

Is this because Windows stores the security descriptor in binary in the xattr of the file? And samba doesn't check this attributes against the "valid user" property?

Lesson learned :D

Thanks
________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Sent: Thursday, April 26, 2018 5:53:04 PM
To: samba at lists.samba.org
Subject: Re: [Samba] cannot set share permissions

On Thu, 26 Apr 2018 15:32:56 +0000
Waishon via samba <samba at lists.samba.org> wrote:

> Hi,
>
> so you would like to restrict the access to the share definitions?
> E.g. only "User1" should be able to access the Share "Private"?
>
> Have you had a look at this documentation?
> https://www.samba.org/samba/docs/using_samba/ch09.html
> (This doc is quite old but should still apply).
>
> We're running a seperate fileserver which is joined to the SAMDOM DC.
> Then we're using valid users = @"SAMDOM\Domain Users"
> to make sure that only domain members are able to access the share.
> Instead of Domain Users it's also possible to just use a group or a
> specific user.
>
> Hope that helps.
>

I don't think it does ;-)

I think the OP is asking the 'share' tab on windows, this doesn't have
anything to do with what you have posted.

The main tab the OP should be worried about is the 'security' tab (for
which a better name would 'NTFS permissions').

Can I also point out that you shouldn't be using any of the old
documentation when it comes to a Samba AD DC, you should be reading
this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Where it clearly states 'Samba does not support using POSIX ACLs on a
DC. You must use Windows ACLs.'

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list