Got it Volker . Thanks . once final Q is ,I have admin user in NAS . for a share "test" , he has given write access to user "user1 " and read access for a subfolder -> "testsubdir" in share "test" . when user1 logged into share "test", he could not write into "testsubdir". obviously it is because he has read access on the folder an most restrictive access will be effective.
and the problem is since the user1 has write access to share , he is able to change the read access on the sub folder by himself. why samba is allowing this ? since effectively user1 has read access on the sub folder "testsubdir" it should deny acl changes on that right?. Thanks Suresh -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Volker Lendecke Sent: Friday, October 15, 2010 2:27 PM To: Kandukuru, Suresh Cc: [email protected]; [email protected] Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users On Fri, Oct 15, 2010 at 02:07:55AM -0400, [email protected] wrote: > Thanks Volker. Adding Jeremy, as my manager told me that > let samba team know that I am part of EMC lifeline team .. > and some of team members discussed with Jeremy regarding > some other samba problems. > > > Volker , if you don't mind can you elaborate this , if we > make share offline , how the setting of acls goes through > the samba source code.? When you make a folder available offline, then when a user comes back and re-synchronizes his data, then the client will set ACLs. I'm not sure how it reacts when you deny that. The setting of ACLs goes comes into the Samba source code in source3/smbd/nttrans.c, there we have the function called call_nt_transact_set_security_desc. From there we end up in set_sd and via the VFS we call SMB_VFS_FSET_NT_ACL, which is by default the function set_nt_acl() in smbd/posix_acls.c. Hope that helps, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
