smc+samba@dogphilosophy.net
2005-Mar-07 04:31 UTC
[Samba] Can Windows Domain admin grant "write" access WITHOUT "full control"?
Setting up the initial connection to ADS was so easy...but now I'm stuck. I'm trying to show off how seamlessly Samba integrates into an existing Windows "Active Directory" domain, but permissions issues are making this look much more complicated than it ought to be. I'm trying to get file shares on a Samba 3.0.9 (Suse 9.2 pro) server to behave exactly like a W2K server (or at least, close enough to "exactly like" that the Windows guy doesn't have any trouble administering the shares on the box.) I got the share to propagate the access control lists and permissions like he wanted with "inherit permissions" and "inherit acls" (I also have "map acl inherit" and "store dos attributes" set.) It seems like, from the Windows share, he can't give any kind of write access without having permissions revert to "full control". Is there any way around this, or does write access in Samba always come with e.g. ability to take ownership, change permissions, etc.? I can't seem to find too much online so far about how the Windows model for permissions/access control lists compares to the *nix one used by Samba/Linux (with ACL and extended attribute support apparently working). Any pointers to that kind of information would also be very helpful to me right now, before they give up and go blow our budget on licensing another slow "Windows Server 2003" and a pile of "Client Access Licenses"... Thanks
Reasonably Related Threads
- How could the admin do to grant me with permission to run virsh as unprivileged user?
- Changing group membership doesn't grant access when expected
- Write access doesn't grant delete access?!
- Ubiquiti Model UAP-AC-PRO
- must write '':controller => "/foo"'' because of "admin/bar"
Wisdom of the Ancients
