Peter Milesson
2024-Jan-31 11:19 UTC
[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
On 31.01.2024 11:48, Rowland Penny via samba wrote:> On Wed, 31 Jan 2024 11:38:31 +0100 > Peter Milesson via samba<samba at lists.samba.org> wrote: > >> >> On 31.01.2024 10:09, Ralph Boehme via samba wrote: >>> On 1/31/24 09:50, Peter Milesson via samba wrote: >>>> The crucial problem here is, that Everyone (yes, really everyone) >>>> can write to the root share. >>> why don't you just change it? That's how it's supposed to work. >>> >>> -slow >>> >> Hi Ralph, >> >> Unfortunately, that doesn't work. In share permissions, > Sorry, but you should only modify the 'Security' tab, for which a > better name would be 'NTFS permissions' > However, as I have found, you can remove 'EVERYONE' from the Security > tab permissions, but it doesn't remove it from the permissions set on > the actual share directory. > > Rowland > >> it's not >> possible to remove Everyone, nor add another security object. >> Clicking OK, the dialog closes without any errors, but opening it >> again, Everyone is still there. I was sure to start Computer >> Management as Administrator. >> >> If it would be possible to set share permissions, then it would be >> usable. >> >> Best regards, >> >> Peter >> >> >Hi Rowland, No, it's not possible to touch anything in the security tab. When clicking OK, I get the message "Failed to enumerate objects in the container. Access denied" Best regards, Peter
Rowland Penny
2024-Jan-31 11:28 UTC
[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
On Wed, 31 Jan 2024 12:19:06 +0100 Peter Milesson via samba <samba at lists.samba.org> wrote:> > > On 31.01.2024 11:48, Rowland Penny via samba wrote: > > On Wed, 31 Jan 2024 11:38:31 +0100 > > Peter Milesson via samba<samba at lists.samba.org> wrote: > > > >> > >> On 31.01.2024 10:09, Ralph Boehme via samba wrote: > >>> On 1/31/24 09:50, Peter Milesson via samba wrote: > >>>> The crucial problem here is, that Everyone (yes, really everyone) > >>>> can write to the root share. > >>> why don't you just change it? That's how it's supposed to work. > >>> > >>> -slow > >>> > >> Hi Ralph, > >> > >> Unfortunately, that doesn't work. In share permissions, > > Sorry, but you should only modify the 'Security' tab, for which a > > better name would be 'NTFS permissions' > > However, as I have found, you can remove 'EVERYONE' from the > > Security tab permissions, but it doesn't remove it from the > > permissions set on the actual share directory. > > > > Rowland > > > >> it's not > >> possible to remove Everyone, nor add another security object. > >> Clicking OK, the dialog closes without any errors, but opening it > >> again, Everyone is still there. I was sure to start Computer > >> Management as Administrator. > >> > >> If it would be possible to set share permissions, then it would be > >> usable. > >> > >> Best regards, > >> > >> Peter > >> > >> > > > Hi Rowland, > > No, it's not possible to touch anything in the security tab. When > clicking OK, I get the message "Failed to enumerate objects in the > container. Access denied" > > Best regards, > > PeterHi Peter, did you set 'acl_xattr:ignore system acls = yes' in the share before you first attempted to change the permissions from Windows, or after. I ask this because, from my testing, if you set the line before the first permissions change from Windows, you get the error that you are now getting. Rowland
Possibly Parallel Threads
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share