HI , We have come up with a utility called smbxcals which is derived from smbcals, where we no need to establish the client connection to perform ACLs operations, by just giving the absolute path as a paratmeter can list and set ACLs as below, # smbxcacls /root/FOO/ REVISION:1 CONTROL:0x8404 OWNER:DEMOSP\Administrator GROUP:DEMOSP\Domain Users ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL ACL:DEMOSP\Administrator:ALLOWED/I/FULL ACL:\CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL ACL:BUILTIN\Users:ALLOWED/OI|CI|I/READ By doing above it will be use full to set and get ACLs back door rather than from icacls. Please let me know if you are interested I can post the patch. -- Thanks & Regards -Partha
On Thu, Jan 30, 2014 at 10:51 AM, Partha Sarathi <parthasarathi.bl at gmail.com> wrote:> HI , > > We have come up with a utility called smbxcals which is derived from > smbcals, where we no need to establish the client connection to perform > ACLs operations, by just giving the absolute path as a paratmeter can list > and set ACLs as below, > > > # smbxcacls /root/FOO/ > REVISION:1 > CONTROL:0x8404 > OWNER:DEMOSP\Administrator > GROUP:DEMOSP\Domain Users > ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL > ACL:DEMOSP\Administrator:ALLOWED/I/FULL > ACL:\CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL > ACL:BUILTIN\Users:ALLOWED/OI|CI|I/READ > > > By doing above it will be use full to set and get ACLs back door rather > than from icacls. > > Please let me know if you are interested I can post the patch. > > -- > Thanks & Regards > -Partha >-- Thanks & Regards -Partha
Le 31/01/2014 05:51, Partha Sarathi a ?crit :> HI , > > We have come up with a utility called smbxcals which is derived from > smbcals, where we no need to establish the client connection to perform > ACLs operations, by just giving the absolute path as a paratmeter can list > and set ACLs as below, > > > # smbxcacls /root/FOO/ > REVISION:1 > CONTROL:0x8404 > OWNER:DEMOSP\Administrator > GROUP:DEMOSP\Domain Users > ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL > ACL:DEMOSP\Administrator:ALLOWED/I/FULL > ACL:\CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL > ACL:BUILTIN\Users:ALLOWED/OI|CI|I/READ > > > By doing above it will be use full to set and get ACLs back door rather > than from icacls. > > Please let me know if you are interested I can post the patch. >Hi, I'm interrested in this kind of ACL display. It looks clearer than the : samba-tool ntacl get --as-sddl /path/to/share I usually type. Nicolas
On Thu, Jan 30, 2014 at 10:51:15AM -0800, Partha Sarathi wrote:> HI , > > We have come up with a utility called smbxcals which is derived from > smbcals, where we no need to establish the client connection to perform > ACLs operations, by just giving the absolute path as a paratmeter can list > and set ACLs as below, > > > # smbxcacls /root/FOO/ > REVISION:1 > CONTROL:0x8404 > OWNER:DEMOSP\Administrator > GROUP:DEMOSP\Domain Users > ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL > ACL:DEMOSP\Administrator:ALLOWED/I/FULL > ACL:\CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL > ACL:BUILTIN\Users:ALLOWED/OI|CI|I/READ > > > By doing above it will be use full to set and get ACLs back door rather > than from icacls. > > Please let me know if you are interested I can post the patch.Yes, please post the patch to samba-technical ! Thanks, Jeremy.
Maybe Matching Threads
- Security permissions issues after changing idmap backend from RID to AUTORID
- Security permissions issues after changing idmap backend from RID to AUTORID
- Security permissions issues after changing idmap backend from RID to AUTORID
- Fwd: Change notify/Directory enumeration issue with two MAC OS X El Capitan accessing same folder
- smbstatus -- protocol and feature information