Sébastien Le Ray
2015-May-13 15:21 UTC
[Samba] Posix vs. Windows File/Directory Permissions
Le 13/05/2015 17:11, Rowland Penny a ?crit :> On 13/05/15 16:08, S?bastien Le Ray wrote: >> >> >> Le 13/05/2015 17:02, Rowland Penny a ?crit : >>> On 13/05/15 13:38, Mike wrote: >>>> I want to get a better understanding of what's happening between >>>> the posix >>>> permissions and windows permissions. >>> >>> Nothing happens between posix permissions (acls) and windows >>> permissions (ACLs), they are different, see: >> >> Well? Something happens since Windows ACLs are converted to UNIX ones >> when using RSAT. > > No they aren'tYes they are, a simple getfacl will show this fact (converted is may not be the right word since not all windows permissions have a corresponding unix one)> >> Moreover, you'll not be able to set up inital Windows ACL is UNIX >> ACLs do not allow the configuring user to do so (which is not >> mentioned on the wiki) >> > > Do you mean this line that isn't on the wiki page I posted a link to :-) > > Log on to a Windows machine, using an account to which the > ?SeDiskOperatorPrivilege? was granted, or an account in a group with > the granted privilege.This isn't sufficient, try using a member of domain admins with right privilege, you won't be able to change permissions if the folder isn't owned by you
On 13/05/15 16:21, S?bastien Le Ray wrote:> Le 13/05/2015 17:11, Rowland Penny a ?crit : >> On 13/05/15 16:08, S?bastien Le Ray wrote: >>> >>> >>> Le 13/05/2015 17:02, Rowland Penny a ?crit : >>>> On 13/05/15 13:38, Mike wrote: >>>>> I want to get a better understanding of what's happening between >>>>> the posix >>>>> permissions and windows permissions. >>>> >>>> Nothing happens between posix permissions (acls) and windows >>>> permissions (ACLs), they are different, see: >>> >>> Well? Something happens since Windows ACLs are converted to UNIX >>> ones when using RSAT. >> >> No they aren't > > Yes they are, a simple getfacl will show this fact (converted is may > not be the right word since not all windows permissions have a > corresponding unix one)If you set the acls on a Unix directory with 'chmod' and then set an ACL with 'setfacl', you will not change the Unix acls, that is, if the acls are set to '775' and you then set the ACL for a user with 'setfacl', the Unix acl will still read '775' or 'rwxrwxr-x' , what will change is a '+' sign will appear at the end of the acl.> >> >>> Moreover, you'll not be able to set up inital Windows ACL is UNIX >>> ACLs do not allow the configuring user to do so (which is not >>> mentioned on the wiki) >>> >> >> Do you mean this line that isn't on the wiki page I posted a link to :-) >> >> Log on to a Windows machine, using an account to which the >> ?SeDiskOperatorPrivilege? was granted, or an account in a group with >> the granted privilege. >Hmm, I will have to try this, I usually do my admin as 'Administrator', once I am sure what rights you do need, I will update the wiki page. Rowland> This isn't sufficient, try using a member of domain admins with right > privilege, you won't be able to change permissions if the folder isn't > owned by you
Sébastien Le Ray
2015-May-13 15:32 UTC
[Samba] Posix vs. Windows File/Directory Permissions
Le 13/05/2015 17:29, Rowland Penny a ?crit :> > If you set the acls on a Unix directory with 'chmod' and then set an > ACL with 'setfacl', you will not change the Unix acls, that is, if the > acls are set to '775' and you then set the ACL for a user with > 'setfacl', the Unix acl will still read '775' or 'rwxrwxr-x' , what > will change is a '+' sign will appear at the end of the acl.you don't set unix acl with chmod, you set unix file perms. To set unix ACLs you use setfacl? Regards