The Samba-Bugzilla – Attachment 10455 Details for Bug 10937: access based share enum = yes not working
attachment-1516640-0.html (text/html), 2.11 KB, created by Krishna Harathi on 2014-11-24 16:04:13 UTC
Jeremy,

Thanks for taking the time and explaining the behavior, appreciated.

Regards.
Krishna Harathi

On Fri, Nov 21, 2014 at 2:59 PM, <samba-bugs@samba.org> wrote:
> https://bugzilla.samba.org/show_bug.cgi?id=10937
>
> Jeremy Allison <jra@samba.org> changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Status|NEW                         |RESOLVED
>          Resolution|---                         |WORKSFORME
>
> --- Comment #1 from Jeremy Allison <jra@samba.org> ---
> This is actually working as designed - just the documentation sucks on it :-).
>
> access based share enum
>
> causes smbd to look at the share *security descriptor*, which is stored inside
> the share_info.tdb, not the listed permissions on the share in the smb.conf.
>
> You need to use the Windows share admin tool to set a security descriptor on
> the share, not the permissions in the smb.conf.
>
> The reason for this is that it's actually quite hard to determine if a user
> would have access to a share at enumeration time, due to things like "force
> user" etc. on a share definition. So currently this only checks the SD stored
> for the share, not the text based perms.
>
> Jeremy.
>
> --
> You are receiving this mail because:
> You reported the bug.
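An added example (not part of the bug report or of Samba's code): an audit that compares the text-based restrictions in smb.conf with each share's security descriptor, as printed by Samba's `sharesec <share> --view`, and flags shares that stay visible to Everyone even though `access based share enum = yes` is set. The smb.conf text, the sharesec output and the SIDs are constructed samples; using `valid users` as the text-based restriction and read access (`FILE_READ_DATA`) as the bit checked at enumeration time are assumptions.

```python
import configparser

EVERYONE = "S-1-1-0"      # well-known Everyone (World) SID
FILE_READ_DATA = 0x1      # assumption: the access bit checked at enumeration time
# Constructed smb.conf: both shares carry text-based restrictions.
SMB_CONF = """
[finance]
valid users = alice
access based share enum = yes
[hr]
valid users = bob
access based share enum = yes
"""
# Constructed `sharesec <share> --view` output (SIDs are made up).
HEADER = "REVISION:1\nOWNER:(NULL SID)\nGROUP:(NULL SID)\n"
SHARESEC_VIEW = {
    "finance": HEADER + "ACL:S-1-1-0:ALLOWED/0x0/FULL\n",
    "hr": HEADER + "ACL:S-1-5-21-1111-2222-3333-1001:ALLOWED/0x0/READ\n",
}

def grants_read(mask):
    """True if a mask (FULL/CHANGE/READ, hex, or R/W/D letters) includes read."""
    if mask.lower().startswith("0x"):
        return bool(int(mask, 16) & FILE_READ_DATA)
    return mask in ("FULL", "CHANGE") or "R" in mask

def parse_aces(view_text):
    """Yield (sid, type, mask) for each ACL: line of sharesec view output."""
    for line in view_text.splitlines():
        if line.startswith("ACL:"):
            sid, _, rest = line[4:].rpartition(":")
            ace_type, _flags, mask = rest.split("/")
            yield sid, ace_type, mask

def visible_to_everyone(view_text):
    """The first read-granting ACE for Everyone decides (ALLOWED vs DENIED)."""
    for sid, ace_type, mask in parse_aces(view_text):
        if sid == EVERYONE and grants_read(mask):
            return ace_type == "ALLOWED"
    return False

def audit(conf_text, views):
    """Shares restricted in smb.conf whose SD still lists them for Everyone."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    return [s for s in conf.sections()
            if conf[s].getboolean("access based share enum", fallback=False)
            and conf[s].get("valid users")
            and visible_to_everyone(views.get(s, ""))]
```

In the sample, only `finance` is flagged: its descriptor still allows Everyone, so the smb.conf restriction has no effect on enumeration until the descriptor itself is changed.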