b831976977
By default, when a Windows SMB share is created, 'Everyone' will have read access. This is a problem, since we call 'Set-SMBPathAcl', which will apply the share ACE at the filesystem as well. This means that anyone that can log in to the share server will have read access to the share. We'll avoid this by granting read access to the 'NULL SID' when creating the share, avoiding the default access to 'Everyone'. Closes-Bug: #1612746 Change-Id: I913a887f24db7f1354008aacebcd0f477887aeef
6 lines
148 B
YAML
6 lines
148 B
YAML
---
|
|
security:
|
|
- Ensure we don't grant read access to 'Everyone'
|
|
by default when creating CIFS shares and the
|
|
Windows SMB backend is used.
|