Univention Bugzilla – Bug 35343
Describe share access configuration and acl
Last modified: 2020-07-02 17:19:51 CEST
We should really describe how to configure shares to able to restrict access ans so on. This article should also show the common ways for debugging the reason why access works or doesn't work
Some simple examples for common requests can be found here: http://forum.univention.de/viewtopic.php?f=48&t=3331#p11700 And at Ticket#: 2014071121000357
*** Bug 24308 has been marked as a duplicate of this bug. ***
(In reply to Arvid Requate from comment 24308#c2) > Ok, but I think we need to update both articles with respect to the changes > due to the activation of the VFS module "acl_xattr". > > Two points here: > > 1. This is what smb.conf sais about "dos filemode": > > "Note that using the VFS modules acl_xattr or acl_tdb which store native > Windows as meta-data will automatically turn this option on for any share > for which they are loaded, as they require this option to emulate Windows > ACLs correctly." > > 2. NTACLs separately define the right "change permissions", see e.g. > http://technet.microsoft.com/en-us/library/bb727008.aspx > > Since "acl_xattr" is enabled in univention-samba and univention-samba4 by > default since UCS 3.0 (Bug #25248), it's more important to point out that > this option is only relevant for pre-UCS 3.0 and that Windows client tools > should be used in conjunction to UCS 3.x to figure things out on the NTACL > level.
(In reply to Tim Petersen from comment #0) > This article should also show the common ways for debugging the reason why > access works or doesn't work including some examples of how to use windows (i)cacls.exe (<https://support.microsoft.com/en-us/kb/919240/en-us>) and smbcacls.
Changes and improvements for SDB entries aren't tracked in Bugzilla anymore, so I close these entries. Please comment on help.univention.com or get in touch with the Univention Support team in case you have any suggestions for the SDB.