[Samba] "missing security tab" and related ACL issues
Stefan G. Weichinger
lists at xunil.at
Sat Nov 10 09:40:53 UTC 2018
Am 09.11.18 um 17:13 schrieb Rowland Penny via samba:
>> I have 2 shares with "acl map full control = No"
>>
>> is it possible that this is somehow read serially and influences
>> shares below as well? I know that behavior from other software.
>>
>
> No, the parameters set on share only affect that share,and they
> override global settings.
great
> Can I make some suggestions ?
sure, that's why I am here
> If this isn't in [global], move it there:
>
> map acl inherit = Yes
>
> Remove these lines where ever they occur, they are default settings:
>
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> inherit acls = No
>
> I would remove these, I am sure you don't really need them:
>
> force unknown acl user = Yes
> nt acl support = No
> acl map full control = No
>
> I would also remove this line, as you have it set, any executable can
> be run, even if it isn't set as an executable:
>
> acl allow execute always = Yes
>
> If you have any concerns about removing these lines, I suggest you
> read 'man smb.conf', I think you will see why I suggest removing the
> lines ;-)
I agree and will clean up asap. That server was set up and maintained by
a former admin ... so far I tried to change only minor things to not
break anything and keep the users happy.
But I absolutely see the need to clean up.
More information about the samba
mailing list