[Samba] acl_xattr and root permissions
L.P.H. van Belle
belle at bazuin.nl
Fri Dec 7 08:28:43 UTC 2018
Tip, think in groups not users when you setup/manage you servers, it will help.
root = Administrator
user != Administrator
but when you add a user as member of domain admins... because root = "Domain Admins"
Dont forget also the "Creator owner" and "Creator Group" settings.
1777, creator owner
2777, creator group
Change the 777's to what you need.
That should help you.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Jerome Charaoui via samba
> Verzonden: vrijdag 7 december 2018 1:18
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] acl_xattr and root permissions
> I'd like to know if, when using acl_xattr to store Windows ACLs in the
> security.NTACL extended attribute, Samba knows to always to set the
> attribute within the "root" context, or will it attempt to do
> it in the
> (domain) user context that's requesting the change?
> As I understand it, on Linux only root is allowed to modify extended
> attributes in the "security" context.
> I'm asking because so far, with Samba 4.5.12, I've been
> unable to modify ACLs from a remote Windows client under any circumstance
> except when the domain user is mapped to root via "username map".
> -- Jerome
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba