How best to implement user-level security within LINUX/SAMBA/WINDOWS
I have a SAMBA server running RHEL5 with SELINUX on permissive
SAMBA server is member server of 2003 AD domain
Using ADC security
I have a test share that within linux
default owner is root
default group is root
default chmod is 770
default ACL for user is rwx
default ACL for group is rwx
default ACL for other is ---
Within SAMBA for this share:
force group = root
read only = No
force create mode = 0770
force directory mode = 0770
Samba version is 3.0.25b-1.el5_1.4
In XP the ACLs are as expected, specifically Everyone has blank rights to any file within this share.
However if I create a file from an XP client within the share and look at the Properties/Security of the file, Everyone has Read access!
I am not sure how Windows is interpreting the LINUX ACL or SAMBA file properties, and would like to be able to remove Read access to Everyone
|