Re: [Samba] acl_xattr and root permissions
- Date: Fri, 7 Dec 2018 09:28:43 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] acl_xattr and root permissions
Tip, think in groups not users when you setup/manage you servers, it will help.
root = Administrator
user != Administrator
but when you add a user as member of domain admins... because root = "Domain Admins"
Dont forget also the "Creator owner" and "Creator Group" settings.
1777, creator owner
2777, creator group
Change the 777's to what you need.
That should help you.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Jerome Charaoui via samba
> Verzonden: vrijdag 7 december 2018 1:18
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] acl_xattr and root permissions
> I'd like to know if, when using acl_xattr to store Windows ACLs in the
> security.NTACL extended attribute, Samba knows to always to set the
> attribute within the "root" context, or will it attempt to do
> it in the
> (domain) user context that's requesting the change?
> As I understand it, on Linux only root is allowed to modify extended
> attributes in the "security" context.
> I'm asking because so far, with Samba 4.5.12, I've been
> unable to modify ACLs from a remote Windows client under any circumstance
> except when the domain user is mapped to root via "username map".
> -- Jerome
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the