[Samba] SMB Windows ACL functionality

Ralph Boehme slow at samba.org
Tue Jul 12 08:20:40 UTC 2022

On 7/12/22 10:01, Rowland Penny via samba wrote:
> On Tue, 2022-07-12 at 09:53 +0200, Ralph Boehme via samba wrote:
>> On 7/12/22 03:58, Bailey Allison via samba wrote:
>>> In addition, I have changed the permissions on the shared directory
>>> to:
>>> chmod 0770 /mnt/smb
>>> chown root:"DOMAIN\Domain Admins" /mnt/smb
>> I guess this isn't really obvious from the manpage, but you're
>> supposed
>> to set the directory to 0777 so the module can implement the
>> permission
>> evaluation in userspace based on the contents of the NT ACL stored in
>> an
>> xattr, without interference of filesystem permissions.
> No, it isn't obvious and that would allow anyone that gets local access
> to the samba server access to the shares directory.

yes, that's the way it works.


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220712/f18845d4/OpenPGP_signature.sig>

More information about the samba mailing list