Joseph L. Casale wrote: > I haven't really done a lot with file sharing in Samba and seem > to be missing something here. I have a folder, /Share that has > > [r...@host ~]# getfacl /Share / > getfacl: Removing leading '/' from absolute path names > # file: Share > # owner: root > # group: ad\040sec\040group > user::rwx > group::rwx > other::--- > > It is also a mount point for a partition, so it has a lost+found that > is set 700 root:root. The share perms are: > > [Share] > comment = ... > path = /Share > browseable = no > writable = no > guest ok = no > printable = no > write list = @"DOMAIN+Domain Admins",@"DOMAIN+ad sec group" > > Why can users other than root manipulate the name of lost+found but > obviously not execute it, and enter it? Same if root makes a test > directory under /Share and sets it 700, users connected to the share > cannot access it, but can modify its name and/or delete it? > > Thanks! > jlc
Because on Unix (unlike Windows) these operations are controlled by the permissions of the *parent* directory. Since users in the "ad sec group" have rwx permissions on /Share, they are able to create / delete / rename files and directories inside /Share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
