Hi All,
I've recently stumbled across an issue that I have been blind to for many years and wondered if you were aware of it or, better still, had any idea of how to fix it.
I have various SMB shares with my TrueNAS 13 connected to AD using AD groups to manage permissions. I would normally apply a couple of ACEs: one for the AD group that needs modify access and one for a storage admin group to have full control. However, when a member of the modify AD group creates a folder, they have the ability to remove the storage admin ACE from the ACL, which is not ideal. I have tried removing the 'change permissions' option, but this does nothing, and various other tweaks, but it appears no matter what I do I can't stop this behaviour. It's essentially treating the person who created the folder as the owner, allowing them to do whatever they want with permissions. I've gone through some old boxes I have running on version 11 and the same applies.
Anyway, appreciate any thoughts you may have.