On 29/07/2014 12:05, Stuart Naylor wrote:> Are there any deny tools with samba4? Like the below example?
>
> To set the permission to deny read access of the homePhone attribute on a
single user object, you can use this command:
>
> dsacls <DN of object> /D <security principal>:RP;homePhone
> For our example, the command would look like this:
>
> dsacls "CN=Doe\, John,OU=newOU,DC=root,DC=net" /D root\
>
> non-HR-users:RP;homePhone
>
>
>
It seems samba-tool do this :
~# samba-tool dsacl
Usage: samba-tool dsacl <subcommand>
DS ACLs manipulation.
Options:
-h, --help show this help message and exit
Available subcommands:
set - Modify access list on a directory object.