Modified ACL by a user : How admins gets over the rights
Hello SFS admintsrators.
I work on SFS since one year, and i want share with you some tips.
For exemple, a customer give me a challenge about a modification of ACL on some directory.
The case : a user got rights on his directory to protect some datas and forbiden administrators or domain user to access to his datas.
The question : How administrators could get over the rights to backup, move, migrate or modify files and directory in this folder ?
The answers : 2 ways to solve this issue :
1. Export the CIFS share with the default option "no_full_acl". In this case, the documentation say the following.
- full_acl : All Windows Access Control Lists (ACLs) are supported except in the case when you attempt using the Windows Explorer folder Properties > Security GUI to inherit down to a non-empty directory hierarchy while denying all access to yourself.
- no_full_acl (Default) : Some advanced Windows Access Control Lists (ACLs) functionality does not work. For example, if you try to create ACL rules on files saved in a CIFS share using Windows explorer while allowing some set of file access for user1 and denying file access for user2, this is not possible when CIFS shares are exported using no_full_acl.