[Samba] acl_xattr and root permissions

Jerome Charaoui jerome at riseup.net
Sun Dec 9 02:12:19 UTC 2018


Le 18-12-07 à 03 h 28, L.P.H. van Belle via samba a écrit :
> Hai, 
> 
> Tip, think in groups not users when you setup/manage you servers, it will help. 
> 
> Now, 
> root = Administrator
> user != Administrator
> 
> but when you add a user as member of domain admins... because root = "Domain Admins" 
> 
> Read : 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> 
> Dont forget also the "Creator owner" and "Creator Group" settings. 
> 1777, creator owner
> 2777, creator group
> 3777, both..  	
> 
> Change the 777's to what you need.
> That should help you. 

Thanks, that certainly helped.

By setting these setuid/setgid correctly and attributing the Unix to the
domain user, I'm now able to modify ACLs via Windows clients without the
username being mapped to root.

-- Jerome



More information about the samba mailing list