samba - Feb 2023 - Member server permissions issue

Right but with modify permissions you should be able to read/write the folder
should I not?  I'm getting access denied when trying to access the root
level of any of the shares unless I'm domain admin.

Thanks, 
Rich


----- On Feb 10, 2023, at 3:55 PM, Rowland Penny via samba samba at
lists.samba.org wrote:
> On 10/02/2023 20:40, Rich Webb via samba wrote:
>> #> ls -ld /server/shared
>> drwxrwx---+ 47 root CORP\domain users 4096 Feb  6 20:13 /server/shared
>> 
>> #> getfacl /server/shared
>> getfacl: Removing leading '/' from absolute path names
>> # file: server/shared
>> # owner: root
>> # group: CORP\\domain\040users
>> user::rwx
>> user:root:rwx
>> user:CORP\\domain\040admins:rwx
>> user:CORP\\domain\040users:rwx
>> group::rwx
>> group:CORP\\domain\040admins:rwx
>> group:CORP\\domain\040users:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:user:CORP\\domain\040admins:rwx
>> default:user:CORP\\domain\040users:rwx
>> default:group::---
>> default:group:CORP\\domain\040admins:rwx
>> default:group:CORP\\domain\040users:rwx
>> default:mask::rwx
>> default:other::---
>> 
>> #> samba-tool ntacl get /server/shared --as-sddl
>> O:S-1-22-1-0G:DUD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001301bf;;;DU)
> 
> Domain Admins has full permissions, but Domain Users only has modify
> permissions
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

On 10/02/2023 21:06, Rich Webb via samba wrote:
> Right but with modify permissions you should be able to read/write the
folder should I not?  I'm getting access denied when trying to access the
root level of any of the shares unless I'm domain admin.
> 
No, you need to be able to traverse the directory.

Rowland