[Samba] windows acls
Rowland Penny
rpenny at samba.org
Tue Dec 13 19:27:05 UTC 2022
On 13/12/2022 19:00, Peter Carlson via samba wrote:
>
> On 12/13/22 10:45, Rowland Penny via samba wrote:
>> Is 'S-1-5-21-185628584-2620904409-2800336372' the domain SID ?
>> Who or what is the RID 1105 ?
>
> Not sure, how Can I determine that?
wbinfo --sid-to-name=S-1-5-21-185628584-2620904409-2800336372-1105
>
>
>>
>>>
>>> 2) If inheritance is disabled, why do the folders in the share show
>>> inherited from P:\ ?
> root at filesvr:~# samba-tool ntacl get /data/FacilityPictures/ --as-sddl
> O:S-1-22-1-0G:S-1-22-2-0D:PAI(A;;0x001f01ff;;;S-1-22-1-0)(A;;0x001f01ff;;;S-1-22-2-0)(A;;0x001f01ff;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)(A;OICI;0x001f01ff;;;DU)
If you break that down, you get this:
O:S-1-22-1-0 # owner 'root
G:S-1-22-2-0 # group 'root'
D:PAI
'P' = The SE_DACL_PROTECTED flag is set.
'AI' = The SE_DACL_AUTO_INHERITED flag is set.
(A;;0x001f01ff;;;S-1-22-1-0)
(A;;0x001f01ff;;;S-1-22-2-0)
(A;;0x001f01ff;;;WD)
(A;OICIIO;0x001f01ff;;;CO)
(A;OICIIO;0x001200a9;;;CG)
(A;OICIIO;0x001200a9;;;WD)
(A;OICI;0x001f01ff;;;DU)
'A' = allow
'0x001f01ff' full control
'OI' = OBJECT_INHERIT_ACE
'CI' = CONTAINER_INHERIT_ACE
'IO' = INHERIT_ONLY_ACE
'WD' = Everyone
'CO' = Creator owner
'CG' = Creator group
'DU' = Domain Users
I hope this helps you understand.
Rowland
More information about the samba
mailing list