[Samba] acl_xattr and root permissions
L.P.H. van Belle
belle at bazuin.nl
Fri Dec 7 08:28:43 UTC 2018
Hai,
Tip, think in groups not users when you setup/manage you servers, it will help.
Now,
root = Administrator
user != Administrator
but when you add a user as member of domain admins... because root = "Domain Admins"
Read :
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Dont forget also the "Creator owner" and "Creator Group" settings.
1777, creator owner
2777, creator group
3777, both..
Change the 777's to what you need.
That should help you.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Jerome Charaoui via samba
> Verzonden: vrijdag 7 december 2018 1:18
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] acl_xattr and root permissions
>
> Hello,
>
> I'd like to know if, when using acl_xattr to store Windows ACLs in the
> security.NTACL extended attribute, Samba knows to always to set the
> attribute within the "root" context, or will it attempt to do
> it in the
> (domain) user context that's requesting the change?
>
> As I understand it, on Linux only root is allowed to modify extended
> attributes in the "security" context.
>
> I'm asking because so far, with Samba 4.5.12, I've been
> unable to modify ACLs from a remote Windows client under any circumstance
> except when the domain user is mapped to root via "username map".
>
> Thanks,
>
> -- Jerome
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list