Web lists-archives.com

Re: [Samba] zfsacl problem with share permissions set from Computer Management




On Fri, Aug 11, 2017 at 9:27 AM, Joe Frank via samba <samba@xxxxxxxxxxxxxxx>
wrote:
>
>
> It appears that when a user has SeDiskOperatorPrivilege​ they always
> have full access regardless of the share permissions. When I attempt access
> using credentials without SeDiskOperatorPrivilege, the share permissions
> block access.


Great! I'm glad you figured it out!

If you think about it another way, this is a way to keep admins from
locking themselves out of shares. By the way, there is a similar
anti-foot-shooting mechanism with ZFS ACLs. The owner of a file will always
be able to change the permissions of the file. I.e., if you run the command
"setfacl -m everyone@:C::deny foo", the owner of "foo" can still edit ACL
for "foo".
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba