[Samba] cannot set filesystem permissions on shares

Rowland penny rpenny at samba.org
Thu Jul 4 14:37:35 UTC 2019


On 04/07/2019 15:28, L.P.H. van Belle via samba wrote:
>   
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Rowland penny via samba
>> Verzonden: donderdag 4 juli 2019 16:05
> ....
>> Here it is in big letters:
>>
>> DO NOT TOUCH THE 'SHARE' TAB ON WINDOWS, THERE IS NO NEED!
> That all depends on the setup and if you know that your doing, there is no problem with changing the share rights at all.
> And since most people dont like, that these shares are setup with everyone/full controle and on the wiki it shows:
> "domain users" Read
> "domain admins" Full
>
> Its a bit off to say dont touch the share tab...
> Now if the wiki is right, and if you follow it it works, then yes, i totaly agree, but today its not.
>
> By Default this is Everyone/Full (is/was, I dont know current stat of latest windows) i should check,
> but i just killed my building server. :-( aarrgg..
> Only bionic i386 was todo, so i need to fix that first now.
>
> And with the bug(s) in samba, that groups and (nested groups) are not well read through winbind, ( i believe fixed now ), that is/was a problem.
> Which still might be in 4.9.5 on Debian buster.  Thats why i asked him to try this.
>
> We know its normaly really not needed to change the share rights, thats correct but,
> again, it depends on what you want to use and how.
>
> Ps. @Rowland, Those caps are really not needed..  ;-)
>
> Ps2 in general, a good read : https://blog.netwrix.com/2018/05/03/differences-between-share-and-ntfs-permissions/
> That might help people understanding the difference.
>
>
>
> Greetz,
>
> Louis
>
>
>
The thing is that it seems that every time this problem comes up, it 
comes down to 'everyone' being removed from the 'share' tab. Now I never 
have this problem, but then I never touch the 'share' tab.

 From what you saying, if you remove 'everyone' from the share tab, you 
must replace it with 'domain user', so why bother ?

Rowland





More information about the samba mailing list