I'm having trouble with network shares. Specifically with mac clients accessing home shares on a NAS. The fix has been to remove certain permissions on the Library folder.
in the past, i've used set-acl to set acls on locally mounted drives, but with the QNAP NAS i have set-acl doesn't work, so i'm stuck with icacls.
i'm trying to grant a user specific permissions. essentially, FULL but without "Change Permissions" or "Take Ownership"
i thought that:
icacls $folderpath /grant :(OI)(CI)(GR,WD,X)
would do it. certainly using :(OI)(CI)(GR,WD) gives me everything except traverse/execute. However, adding that X results in Full persmissions.
if i attempt to deny permissions (WO,WA,WEA) then i get lots of success responses, but no changes in the actual ACL.
Is there a trick i'm missing here? I can manually grant that final traverse/execute permission, but manual is exactly what i don't want!
is this a QNAP idiosyncrasy?
Best Answer
you can do it very simple with de following command:
me M of Modify gives you permission in all the path you selected but without the permission "take ownership" or "set permissions"
hope this helps!