Rights issues _ Full control vs modify

[keerby]

Hi

I'm a little bit confused with security in TrueNas.
In the Windows NTFS world as per i understand/see, modify = Read, Write, Modify and Execute and Full control = Same+ the possibility to modify the security.

In truenas 12.0-u2.1 i've set a public share with everyone modify and admins full control.
I just noticed that on windows i was able to add someone in the security tab with a standard user.

it's working fine if i play with advanced permission in truenas but is it a bug or an intended choice? is so, what is the difference between the 2 roles?

 

[anodos]

Hi

I'm a little bit confused with security in TrueNas.
In the Windows NTFS world as per i understand/see, modify = Read, Write, Modify and Execute and Full control = Same+ the possibility to modify the security.

In truenas 12.0-u2.1 i've set a public share with everyone modify and admins full control.
I just noticed that on windows i was able to add someone in the security tab with a standard user.

it's working fine if i play with advanced permission in truenas but is it a bug or an intended choice? is so, what is the difference between the 2 roles?

Owner of file is able to modify the ACL. Same as is case in windows. If your situation is different, please PM me full details on how to reproduce.

 

[keerby]

Owner of file is able to modify the ACL -> yes but only if "create owner" group is present. it was not in my case.
--
just understand my issue, i didn't realize that "apply permissions to child datasets" enable inherited permissions... i was focus on that "special permission" checkbox but not realized that rights can come elsewhere. That's now working as expected.
-
Thanks for your quick answer and support

 

[anodos]

^^^ Created file with NULL DACL

Added new ACL entriy.

 

[anodos]

The ability to restrict what the owner of a file could do with it was not introduced until around Server 2008 with the special SID S-1-3-4 (OWNER_RIGHTS).