On 31.01.2023 19:09, Michael Tokarev via samba wrote:> 31.01.2023 20:59, Peter Milesson via samba ?????:
>> The share permissions are for Everyone (Full Control/Change/Read).
>> But naturally, the security settings do not include permissions for
>> machines, only for users/user groups. Everything is set up according
>> to the Samba Wiki. The uid 11025 is a computer account, and the gid
>> is "Domain computers".
>
> No, I mean something else. It is the *unix* path which is inaccessible
> to *unix* uid 11025.? Share permission which you see in samba is laid
> on top of unix permission, including the parent dirs.
>
> /mjt
>
Hi Michael,
I don't see any reason, that the 11025 computer account should have any
unix permissions on the server whatsoever. The server is setup using
Windows ACLs exclusively, no unix or posix acls or permissions involved
at all. There should be no unix access for client machines, not for
users either BTW, and if Samba complains, it's a Samba bug. The path is
obviously accessible by the domain users through Samba, otherwise their
Windows environment wouldn't work (of which I would be very quickly
informed).
Best regards,
Peter