Displaying 8 results from an estimated 8 matches for "container_inherit_ace".
2020 Jun 13
0
include in smb.conf
...e written as 'FA'
LA = Local administrator
Second ACE:
A = allow
0x001200a9 = (Read and Execute) - (Inherited)
S-1-22-2-0 = ??? a local Unix group
Third ACE:
A = allow
0x001200a9 = (Read and Execute) - (Inherited)
WD = Everyone
Fourth ACE:
A = allow
OICIIO = OI CI IO = OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE
INHERIT_ONLY_ACE
0x001f01ff = Full control, can also be written as 'FA'
CO = Creator owner
Fifth ACE:
A = allow
OICIIO = OI CI IO = OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE
INHERIT_ONLY_ACE
0x001200a9 = (Read and Execute) - (Inherited)
CG = Creator group
Sixth ACE:
A = allow
OICIIO = OI...
2020 Jun 12
2
include in smb.conf
...)(A;OICIIO;GA;;;SY)(A;;0x001f03ff;;;SY)(A;OICIIO;WOWDGRGWGX;;;BA)(A;;0x001e01bf;;;BA)(A;OICIIO;GRGX;;;SO)(A;;0x001200a9;;;SO)
>
> Now, provided you have the key, you can easily decipher it, for
> instance, (A;OICIIO;WOWDGRGWGX;;;CO) is:
>
> (ACCESS_ALLOWED_ACE_TYPE;OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE
> INHERIT_ONLY_ACE;WRITE_OWNER WRITE_DAC GENERIC_READ GENERIC_WRITE
> GENERIC_EXECUTE;;;SECURITY_CREATOR_OWNER_RID)
>
> See here:
> https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
>
> and here:
>
> https://docs.microsoft.com/en-us/windows/win32/secauth...
2020 Jun 13
2
include in smb.conf
...a4 is different.
>For example: I apply a read, write and modify permission, but the user can
only create directories and rename files if I assign permission to exclude
files in folders, subfolders and files.
This is normal?
>Sixth ACE:
>A = allow
>OICIIO = OI CI IO = OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE
>INHERIT_ONLY_ACE
>0x001200a9 = (Read and Execute) - (Inherited)
>WD = Everyone
>Oh and it is wrong ;-)
How could I fix this problem?
Regards,
M?rcio Bacci
Em s?b., 13 de jun. de 2020 ?s 06:01, Rowland penny via samba <
samba at lists.samba.org> escreveu:
> On 12/06/2020...
2006 Mar 25
1
Help with File.set_permissions port
I''ve got a (broken) version of File.set_permissions in CVS, and I need
some help finishing it off please.
Heesob, can you take a look?
Thanks,
Dan
2018 Nov 29
0
Different LDAP query in different DC...
...D:AI(A;CINPID;RPLCRC;;;S-1-5-21-160080369-360138
> 5002-3131615632-1314)
This one has an extra ACE and in readable form it is:
(A;CINPID;RPLCRC;;;S-1-5-21-160080369-3601385002-3131615632-1314)
"A" SDDL_ACCESS_ALLOWED ACCESS_ALLOWED_ACE_TYPE
"CI" SDDL_CONTAINER_INHERIT CONTAINER_INHERIT_ACE
"NP" SDDL_NO_PROPAGATE NO_PROPAGATE_INHERIT_ACE
"ID" SDDL_INHERITED INHERITED_ACE
"RP" SDDL_READ_PROPERTY
"LC" SDDL_LIST_CHILDREN
"RC" SDDL_READ_CONTROL
account_sid: SID string that identifies the trustee of the ACE.
S-1-5-21...
2020 Jun 09
0
include in smb.conf
...AU)(A;;0x001200a9;;;AU)(A;OICIIO;GA;;;SY)(A;;0x001f03ff;;;SY)(A;OICIIO;WOWDGRGWGX;;;BA)(A;;0x001e01bf;;;BA)(A;OICIIO;GRGX;;;SO)(A;;0x001200a9;;;SO)
Now, provided you have the key, you can easily decipher it, for
instance, (A;OICIIO;WOWDGRGWGX;;;CO) is:
(ACCESS_ALLOWED_ACE_TYPE;OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE
INHERIT_ONLY_ACE;WRITE_OWNER WRITE_DAC GENERIC_READ GENERIC_WRITE
GENERIC_EXECUTE;;;SECURITY_CREATOR_OWNER_RID)
See here:
https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
and here:
https://docs.microsoft.com/en-us/windows/win32/secauthz/sid-strings?redirectedfrom=MSDN
Rowl...
2020 Jun 09
2
include in smb.conf
Hi Rowland
>Hi Marcio, we would need more info, where are you migrating the
home folders from ? and where to ?
I copied Windows Server 2008 folders and permissions with ROBOCOPY to my
Samba 4 server.
>I know you mentioned a Win 2008 server, are the home folders stored
on that ?
The personal folders were stored on it (Windows), but now they are on my
new Samba 4 file server.
>Another
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> You need to explicitly ask for it, for instance:
Oh, cool! Seems effectivaly different:
root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)" nTSecurityDescriptor
# record 1
dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
nTSecurityDescriptor: