Web lists-archives.com

Re: [Samba] acl_xattr and root permissions




Hai, 

Tip, think in groups not users when you setup/manage you servers, it will help. 

Now, 
root = Administrator
user != Administrator

but when you add a user as member of domain admins... because root = "Domain Admins" 

Read : 
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Dont forget also the "Creator owner" and "Creator Group" settings. 
1777, creator owner
2777, creator group
3777, both..  	

Change the 777's to what you need.
That should help you. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Jerome Charaoui via samba
> Verzonden: vrijdag 7 december 2018 1:18
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] acl_xattr and root permissions
> 
> Hello,
> 
> I'd like to know if, when using acl_xattr to store Windows ACLs in the
> security.NTACL extended attribute, Samba knows to always to set the
> attribute within the "root" context, or will it attempt to do 
> it in the
> (domain) user context that's requesting the change?
> 
> As I understand it, on Linux only root is allowed to modify extended
> attributes in the "security" context.
> 
> I'm asking because so far, with Samba 4.5.12, I've been 
> unable to modify ACLs from a remote Windows client under any circumstance 
> except when the domain user is mapped to root via "username map".
> 
> Thanks,
> 
> -- Jerome
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba