[Samba] windows acls
Rowland Penny
rpenny at samba.org
Tue Mar 28 20:38:36 UTC 2023
On 28/03/2023 21:33, Peter Carlson via samba wrote:
>>
> root at filesvr:/data# mkdir Accounting2
> root at filesvr:/data# chmod 0770 Accounting2
> root at filesvr:/data# chown root:"SDCP\\domain admins" Accounting2
> root at filesvr:/data# smbcontrol all reload-config
>
> on Windows, Computer Management, connect to remote server, System
> Tools->Shared Folders->Shares
> Accounting2:Share Permissions has Everyone, Full Control, Change and
> Read, nothing else
> Accounting2:Security has:
> root: Full Control: This folder only
> Domain Admins: Full control: This folder only
> Everyone: None: This folder only
> CREATOR OWNER: Full control: Subfolder and files only
> CREATOR GROUP: Read & Execute: Subfolder and files only
> Everyone: Read & Execute: Subfolder and files only
I would probably use Domain Users instead of 'Everyone'
>
> 1) That's how it was all set by default, is there anything there that I
> should change?
>
> 2) To add DOMAIN\Accounting to be able to have full control to this
> share and all subfolder, do I:
> a) add that here in Computer Management
> b) open windows explorer go to \\filesvr\Accouting2 and add it there?
> c) neither, create a folder and set the permissions there
Choose any one from the three, they are all viable.
Rowland
More information about the samba
mailing list