-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jaan Talvet wrote: > Hello, > > We're porting all our windows file servers over to linux. I just joined > our samba server to Active Directory and it works great with ACL - I can > add/remove Sales, Marketing, IT groups etc.., unfortunately, so can > everyone else. > > Q) How can I restrict our regular windows XP users from manipulating the > "Properties -> Security" tab in file explorer? I'd need to restrict > that to only the "Domain Admins" group like in Windows. Right now, > anyone can add/remove groups - that's bad.
Change the ownership of the files directory to root and rely on group permissions. Assuming you have 'dos filemode = no' (the default), this should give you the semantics you want. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGyeghIR7qMdg1EfYRAidKAJ4hhmEYtXHKJANeHpqvTlKSANA/CgCeJFeV Tz4WDUgCN9W2gIeGbhtXSQ4= =9e7J -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
