[Samba] Share Permissions vs. Security

Stefan Kania stefan at kania-online.de
Sun Feb 7 18:51:12 UTC 2021

The shared-permission is only interesting when accessing the filesystem
via the network. Let's say you give "Full Access" on a folder inside
your share. The shared-permission is set to "everyone full" so if
someone locks in at the system only the filessystem permission is
checked. The shared-permission is used. If someone access the same
folder via the network, first the shared-permission is checked. It's set
to "everyone full" so no restriction and the user will get "full Access"
via the filesystem permission. Now change the shared-permission to
"readonly". Still the user logged in locally will get full access. BUT
now: When a user access the share the maximum permission he can get is
read, ever other permission is filtered. So the setting of the
shared-permission is always the maximum permission via the network.

The other way around shared-permission is set to "everyone full" and
filesystem permission is set to "read" a user accessing via network will
get no more then "read" permission.

So shared-permission can only remove permissions nEVER gives permission.
It's a little bit like the "mask" in Filesystem ACLs.

 Am 04.02.21 um 23:15 schrieb Marco Shmerykowsky via samba:
> Under "Setting up a Share Using Windows ACL's" in the
> Sambawiki it states "You should only need to makes changes
> to the Security Tab" and that the "Share Permissions
> Tab should be set to Everyone:Full-Control,Change,Read.
> On my previous setup I had set the "Share Permissions"
> to the MS Security Group that was allowed access to
> the share.  Everything seemed to work.
> Can someone explain the difference between the two
> settings?
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html

More information about the samba mailing list