I setup FreeBSD Samba Domain Controller and installed second machine running as NAS.
I joined the second machine to the Samba Domain Controller.
I used groups and users from the FreeBSD Samba Domain Controller.
But I'm fighting with the permissions currently.
My goal is to have a share where only 1 user has modify access and admins have full access.
The odd thing I noticed when I remove the everyone ACL rule on user01 it removes all FreeBSD rwx permissions for ower/group on the folder?
while on ACL it looks like this:
As result my Samba user share isn't accessible.
So, my question is what is the correct way of creating a secured folder for 1 user + admin users?
I noticed when I add everyone line to the ACL it allows me to have access again, but I don't like the everyone permissions. It feels less secure
I joined the second machine to the Samba Domain Controller.
I used groups and users from the FreeBSD Samba Domain Controller.
But I'm fighting with the permissions currently.
My goal is to have a share where only 1 user has modify access and admins have full access.
The odd thing I noticed when I remove the everyone ACL rule on user01 it removes all FreeBSD rwx permissions for ower/group on the folder?
Code:
$ ls -alf
total 55
drwxrwx--- 4 david domain_users 4 Jan 4 22:52 .
drwxrwxrwx 11 root wheel 11 Jan 4 22:53 ..
d---------+ 6 user01 domain_admins 25 Jan 5 01:57 user01
drwxrwxrwx+ 14 user02 domain_admins 15 Jan 5 11:49 user02
Code:
$ getfacl user01/
# file: user01/
# owner: user01
# group: domain_admins
group@:rwxpDdaARWcCos:fdi----:allow
owner@:rwxpDdaARWc--s:fdi----:allow
user:david:rwxpDdaARWcCos:-------:allow
So, my question is what is the correct way of creating a secured folder for 1 user + admin users?
I noticed when I add everyone line to the ACL it allows me to have access again, but I don't like the everyone permissions. It feels less secure
Code:
everyone@:------a-R-c--s:-------:allow