Jorge Luis Medina Begazo
2012-Dec-10 14:47 UTC
[Samba] Samba4 and permissions of SYSVOL and NETLOGON
Hello, I was testing samba for serveral months, Now I planning to implementing as AD for about 300 computers, I'm using it as a base of users for squid, dovecot and postfix. Everything is working fine, but I found a problem, if a user in windows get into the shared folders of the server like SYSVOL and NETLOGON, they are able to delete files and folders, so I noticed this could be a problem, if someone delete a script or GPO or a virus can corrupt this files, could I change the option "read only = no" to "read only = yes" or I'll have problems? I noticed this since rc5, I don't know if it was present in rc4 or any before, now I'm using the rc6. Thanks for your help
TAKAHASHI Motonobu
2012-Dec-11 15:31 UTC
[Samba] Samba4 and permissions of SYSVOL and NETLOGON
From: Jorge Luis Medina Begazo <jorgelucho at hotmail.com> Date: Mon, 10 Dec 2012 09:47:40 -0500> Everything is working fine, but I found a problem, if a user in windows > get into the shared folders of the server like SYSVOL and NETLOGON, they > are able to delete files and folders, ...Have you run "samba-tool ntacl sysvolreset"? To run that, ACLs are correctly set and normal users cannot write into these shares. --- TAKAHASHI Motonobu <monyo at monyo.com>