samba - May 2015 - Posix vs. Windows File/Directory Permissions

Le 13/05/2015 17:02, Rowland Penny a ?crit :
> On 13/05/15 13:38, Mike wrote:
>> I want to get a better understanding of what's happening between
the
>> posix
>> permissions and windows permissions.
>
> Nothing happens between posix permissions (acls) and windows 
> permissions (ACLs), they are different, see:
Well? Something happens since Windows ACLs are converted to UNIX ones 
when using RSAT. Moreover, you'll not be able to set up inital Windows 
ACL is UNIX ACLs do not allow the configuring user to do so (which is 
not mentioned on the wiki)

Regards

On 13/05/15 16:08, S?bastien Le Ray wrote:
>
>
> Le 13/05/2015 17:02, Rowland Penny a ?crit :
>> On 13/05/15 13:38, Mike wrote:
>>> I want to get a better understanding of what's happening
between the
>>> posix
>>> permissions and windows permissions.
>>
>> Nothing happens between posix permissions (acls) and windows 
>> permissions (ACLs), they are different, see:
>
> Well? Something happens since Windows ACLs are converted to UNIX ones 
> when using RSAT. 
No they aren't
> Moreover, you'll not be able to set up inital Windows ACL is UNIX ACLs 
> do not allow the configuring user to do so (which is not mentioned on 
> the wiki)
>
Do you mean this line that isn't on the wiki page I posted a link to :-)

Log on to a Windows machine, using an account to which the 
?SeDiskOperatorPrivilege? was granted, or an account in a group with the 
granted privilege.

Rowland
> Regards

Le 13/05/2015 17:11, Rowland Penny a ?crit :
> On 13/05/15 16:08, S?bastien Le Ray wrote:
>>
>>
>> Le 13/05/2015 17:02, Rowland Penny a ?crit :
>>> On 13/05/15 13:38, Mike wrote:
>>>> I want to get a better understanding of what's happening
between
>>>> the posix
>>>> permissions and windows permissions.
>>>
>>> Nothing happens between posix permissions (acls) and windows 
>>> permissions (ACLs), they are different, see:
>>
>> Well? Something happens since Windows ACLs are converted to UNIX ones 
>> when using RSAT. 
>
> No they aren't
Yes they are, a simple getfacl will show this fact (converted is may not 
be the right word since not all windows permissions have a corresponding 
unix one)
>
>> Moreover, you'll not be able to set up inital Windows ACL is UNIX 
>> ACLs do not allow the configuring user to do so (which is not 
>> mentioned on the wiki)
>>
>
> Do you mean this line that isn't on the wiki page I posted a link to
:-)
>
> Log on to a Windows machine, using an account to which the 
> ?SeDiskOperatorPrivilege? was granted, or an account in a group with 
> the granted privilege.
This isn't sufficient, try using a member of domain admins with right 
privilege, you won't be able to change permissions if the folder isn't 
owned by you

Le 13/05/2015 17:11, Rowland Penny a ?crit :
> On 13/05/15 16:08, S?bastien Le Ray wrote:
>>
>>
>> Le 13/05/2015 17:02, Rowland Penny a ?crit :
>>> On 13/05/15 13:38, Mike wrote:
>>>> I want to get a better understanding of what's happening
between
>>>> the posix
>>>> permissions and windows permissions.
>>>
>>> Nothing happens between posix permissions (acls) and windows
>>> permissions (ACLs), they are different, see:
>>
>> Well? Something happens since Windows ACLs are converted to UNIX ones
>> when using RSAT.
>
> No they aren't
Yes they are, a simple getfacl will show this fact (converted is may not 
be the right word since not all windows permissions have a corresponding 
unix one)
>
>> Moreover, you'll not be able to set up inital Windows ACL is UNIX
>> ACLs do not allow the configuring user to do so (which is not
>> mentioned on the wiki)
>>
>
> Do you mean this line that isn't on the wiki page I posted a link to
:-)
>
> Log on to a Windows machine, using an account to which the
> ?SeDiskOperatorPrivilege? was granted, or an account in a group with
> the granted privilege.
This isn't sufficient, try using a member of domain admins with right 
privilege, you won't be able to change permissions if the folder isn't 
owned by you