[Samba] mixing Windows ACL and POSIX ACL shares on one server?
Timothy Brewer
timothy.brewer at wyo.gov
Thu Nov 14 23:09:57 UTC 2019
Matthias,
I used setfacl to set POSIX and Ad ACLS. Windows users who are in the
appropriate group can manage perms for both.
Cheers,
Tim
On Thu, Nov 14, 2019 at 3:43 PM Matthias Leopold via samba <
samba at lists.samba.org> wrote:
>
>
> Am 14.11.19 um 23:03 schrieb Jeremy Allison via samba:
> > On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba
> wrote:
> >> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote:
> >>> Hi,
> >>>
> >>> I posted a similar question in 2018 with no answers, so I'll try
> >>> again:
> >>> Is it possible to have shares with Windows ACLs and shares with
> >>> POSIX
> >>> ACLs on the same server (security = user)? Since share permissions
> >>> are
> >>> handled differently for both types of shares I'm not sure if this
> >>> will
> >>> work. I know I could try it out myself, but the question again just
> >>> came
> >>> to my mind and I think there will be clear answer by someone who
> >>> knows.
> >>
> >> Yes, use acl_xattr to store the windows acl if you want that handled
> >> faithfully. The last ACL to be set will win.
> >>
> >> If you set a POSIX ACL then any windows ACL that has been set will be
> >> ignored. If you set a windows ACL on the same file then it will be
> >> translated into posix and also stored.
> >>
> >> So, the idea is that it would 'just work'.
> >
> > Yep, +1 Andrew, that's the way it's meant to work (was
> > designed that way). There might be some tricky corner
> > cases but mostly this is the way most Samba installs
> > use ACLs.
> >
>
> thank you. you are all focusing on ACLs, I'm rather sure they will work,
> my concern is rather management of share permissions. will
> share_info.tdb (Windows ACL share) work alongside with "valid users"
> (POSIX ACL share)?
>
> Matthias
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Tim Brewer
Field Services Tech - ETS FS region 2
Wyoming Department of Enterprise Technology Services
2020 Grand Ave.
Laramie, WY 82070
tim.brewer at wyo.gov
website: ets.wyo.gov
Support: 307-777-5000
Direct Line: 307-343-3183
Ensuring Wyoming has trailblazing technology to meet tomorrows challenges
while delivering the finest in business services today.
--
E-Mail to and from me, in connection with the transaction
of public
business, is subject to the Wyoming Public Records
Act and may be
disclosed to third parties.
More information about the samba
mailing list