Web lists-archives.com

Re: [Samba] Windows ACL clarification for Roaming Profiles share




Am 18.02.2017 um 12:27 schrieb Rowland Penny via samba:
You can 'map' SYSTEM on a domain member, couldn't seem to get it to
work on a DC, though I didn't try hard ;-)

But mapping is applied when a user connects to a resource. Then the connecting Samba account is mapped to a local unix account and the file system is accessed using the Unix account's permissions. It does not work the other way around. You can't map the "local" (built-in) SYSTEM to a local/domain user and then "su - SYSTEM".



When I rewrote the "User Home Folder" page, I omitted SYSTEM in the
list of Windows ACLs (and of course it was never part of the POSIX
ACLs in this guide). However, I saw no reason to explain things that
I don't tell the user to set and what not necessary. If you follow
the guide, you get everything you need for a fully working share.

I think 'SYSTEM' should be mentioned, if only to say why you don't need
it.

I can write a short page describing what the SYSTEM account is used for on Windows and why it does not apply to Samba on Unix. And we can link it from the pages talking about setting Windows ACLs.



Regards,
Marc

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba