[Samba] acl_xattr and root permissions

L.P.H. van Belle belle at bazuin.nl
Fri Dec 7 08:28:43 UTC 2018


Tip, think in groups not users when you setup/manage you servers, it will help. 

root = Administrator
user != Administrator

but when you add a user as member of domain admins... because root = "Domain Admins" 

Read : 

Dont forget also the "Creator owner" and "Creator Group" settings. 
1777, creator owner
2777, creator group
3777, both..  	

Change the 777's to what you need.
That should help you. 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Jerome Charaoui via samba
> Verzonden: vrijdag 7 december 2018 1:18
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] acl_xattr and root permissions
> Hello,
> I'd like to know if, when using acl_xattr to store Windows ACLs in the
> security.NTACL extended attribute, Samba knows to always to set the
> attribute within the "root" context, or will it attempt to do 
> it in the
> (domain) user context that's requesting the change?
> As I understand it, on Linux only root is allowed to modify extended
> attributes in the "security" context.
> I'm asking because so far, with Samba 4.5.12, I've been 
> unable to modify ACLs from a remote Windows client under any circumstance 
> except when the domain user is mapped to root via "username map".
> Thanks,
> -- Jerome
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list