Web lists-archives.com

Re: [Samba] I see "everyone permission" at windows security even i didn't add.




On Thu, 30 Nov 2017 14:09:44 +0200
Özkan Göksu via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I created a share with the config I gave below. As you can see in
> pictures I have two Everyone at "Permission" and one Everyone at
> "Share" section. These permissions comes when i create a share.. One
> of them is definitely related to samba because it is in the "share"
> section, but I guess the other two permits are comes with "posix acl".
> 
> But i did not add everyone permission to my share? I did "setfacl
> other:---" and "public = no" Where these permissions are come from?
> 
> I know "everyone" permissions are harmless but still I don't want to
> see them. Do you know a way to delete these permissions when you
> create a samba share?
> 
> getfacl iotest/
> # file: iotest/
> # owner: root
> # group: root
> user::rwx
> user:8008:rwx
> group::---
> mask::rwx
> other::---
> 
> ------------------------------
> 
> [iotest]
>     comment = iotest ACL Test
>     path = /ozkaniotest/iotest
>     valid users = "test.local\test"
>     admin users = "test.local\test"
>     write list = "test.local\test"
>     public = no
>     read only = yes
>     inherit permissions = yes
>     inherit acls = yes
> 
> BTW: I use ZFS as filesystem and my zfs parameters are:
> 
> 
>    - aclytpe=posixacl
>    - xattr= sa
> 
> *Yes, pictures are not in English but this is just Windows Security->
> Permission tab.. And attrb's are not important.*
> 
> [image: https://i.imgur.com/F0G0G6V.png]
> <https://i.stack.imgur.com/plLMP.png>[image: enter image description
> here] <https://i.stack.imgur.com/7CYib.png>

Yes, I do know of a way to remove the entry, go to windows and remove
ALL the entries, go to Unix and set Unix permissions on the directory
and files, never look at or change the permissions from windows ever
again.

OR, to put it another way, either use posix ACLs or Windows ACLs, not
both as you are trying to do now.

Change the share to this:

[iotest]
    comment = iotest ACL Test
    path = /ozkaniotest/iotest
    read only = No

and set the permissions from Windows

Or carry on as you are doing now and IGNORE the share tabs on windows.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba