I would like to be able to use SID's in linux so as to have ACL's identical to windows. Example usage why: Say I have an ntfs partitioned disk that I share with a co-worker that uses windows. Currently I am connected to the domain using rfc2307 and that allows me to authenticate using AD and on the nfs through the Isilon the windows users see files correctly permissioned but when I share an ntfs partitioned disk the ACL's are not correct.
On 15/02/16 10:33 AM, Jeff Sadowski wrote:> I would like to be able to use SID's in linux so as to have ACL's identical > to windows. > Example usage why: > > Say I have an ntfs partitioned disk that I share with a co-worker that uses > windows. > > Currently I am connected to the domain using rfc2307 and that allows me to > authenticate using AD and on the nfs through the Isilon the windows users > see files correctly permissioned but when I share an ntfs partitioned disk > the ACL's are not correct.The SID is made up from parts that include a domain id and a user id. The NTFS partition files will have SIDs appropriate for the domain it belongs to. Physically sharing with a user who is not part of that domain would mean the user's computer had a different base SID. See https://en.wikipedia.org/wiki/Security_Identifier for a good discussion on the issue.
On 15/02/16 15:33, Jeff Sadowski wrote:> I would like to be able to use SID's in linuxNo you cannot use SIDs on linux.> so as to have ACL's identical > to windows.But you should be able to get ACLs to work on Linux. Rowland> Example usage why: > > Say I have an ntfs partitioned disk that I share with a co-worker that uses > windows. > > Currently I am connected to the domain using rfc2307 and that allows me to > authenticate using AD and on the nfs through the Isilon the windows users > see files correctly permissioned but when I share an ntfs partitioned disk > the ACL's are not correct.
On Mon, Feb 15, 2016 at 9:04 AM, Rowland penny <rpenny at samba.org> wrote:> On 15/02/16 15:33, Jeff Sadowski wrote: > >> I would like to be able to use SID's in linux >> > > No you cannot use SIDs on linux. > > so as to have ACL's identical >> to windows. >> > > But you should be able to get ACLs to work on Linux.When mounted as cifs I can get and set ACLs using getcifsacl and setcifsacl When mounting an ntfs drive getcifsacl fails and getfacl doesn't show what I'd expect setfacl works but only with what you'd expect from getfacl when viewing the acl in windows I see a strange sid. The ACL's written from linux don't have the SID's where as the ones written from windows do.> > > Rowland > > Example usage why: >> >> Say I have an ntfs partitioned disk that I share with a co-worker that >> uses >> windows. >> >> Currently I am connected to the domain using rfc2307 and that allows me to >> authenticate using AD and on the nfs through the Isilon the windows users >> see files correctly permissioned but when I share an ntfs partitioned disk >> the ACL's are not correct. >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >