sakmanga
Jun 16, 2017 (Aspirant)
ReadyNAS 2120 OS6 - AD group "Domain users" automatically has full control granted on subfolders
Hi all, I have a ReadyNAS 2120 v2 OS 6.7.4 working in an Active Directory. I created shared folders following the instruction in: https://kb.netgear.com/7066/ReadyNAS-OS-6-Setting-Active-Directory-...
Hopchen
Jun 19, 2017 (Prodigy)
Hi,
When you create a new folder, that folder will inherit permissions from its parent folder. This is pretty standard, so if your share has full control (R/W) for Domain Users then your subfolder will as well. You want it to be this way generally, else you would have to set new perms on all new folders/files manually :)
If you don't want a given subfolder to inherit permissions, then just disable inheritance from the Windows side.
Cheers
sakmanga
Jun 20, 2017 (Aspirant)
Hi Hopchen, thanks for your reply.
Unfortunately the inheritance is not respected, as I explained in my post to JennC.
Have a nice day.
- Hopchen, Jun 20, 2017 (Prodigy)
Hi,
You need to remember that permissions on a newly created folder will be as follows:
The inherited permissions (from the parent folder)
and
Permissions that the user (who creates the folder) sets. Your user in AD/Windows has default permissions that this user will add to every object it creates. Typically it will add itself as owner and add all its group memberships as well.
So, if your AD user is a member of "Domain Users" for example, then the user will add the "Domain Users" group to new objects the user creates. This is probably what is happening to you?
Can you check (in AD) whether the user you are testing with is a member of "Domain Users" (along with other groups perhaps)?
Thanks
- sakmanga, Jun 21, 2017 (Aspirant)
Hi Hopchen, thank you very much for your reply.
"Domain users" is the default primary group in an AD domain and all the users belong to it.
A user can't be removed unless we establish another primary group.
Each of the users belongs to many groups, but only "Domain users" is added automatically and this doesn't make sense to me.
I understand the user that creates a folder is added, but why the primary group?
Let's say the user grants a specific group of users RO access on a folder. When he creates a subfolder these users will have full control on it by default!
I have other shared folders both on QNAP NAS and Windows servers, but only with this device I have the problem, and starting from a recent OS update.
I remain of the idea that this is a serious security bug.
Any other idea?
- Hopchen, Jun 21, 2017 (Prodigy)
Hmm yeah maybe the NAS is doing something. It is interesting though.
I will try and run a little test at home tomorrow and let you know :)
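
One way to check a share for the behaviour discussed in this thread, as an added example that is not part of any poster's message and not NETGEAR tooling: it lists subfolders where the group holds an explicit (non-inherited) Allow entry, which separates rights added at creation time from rights inherited from the parent. The UNC path is a placeholder and the function name `Get-ExplicitGroupAce` is hypothetical; the group name is the one from the thread.

```powershell
# Added example: report subfolders where a group has an explicit
# (non-inherited) Allow ACE, as reported in the thread for "Domain Users".
param(
    [string]$Root  = '\\nas.example.local\share',  # assumption: placeholder UNC path
    [string]$Group = 'Domain Users'                # group name from the thread
)

function Get-ExplicitGroupAce {
    param([string]$Path, [string]$Group)

    $full = [System.Security.AccessControl.FileSystemRights]::FullControl

    Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_
            try {
                $acl = Get-Acl -LiteralPath $dir.FullName
            } catch {
                Write-Warning "Cannot read ACL: $($dir.FullName)"
                return   # skip this folder, continue with the next one
            }
            $acl.Access |
                Where-Object {
                    # Explicit entries only: inherited ACEs are the expected case.
                    -not $_.IsInherited -and
                    $_.AccessControlType -eq 'Allow' -and
                    # IdentityReference looks like DOMAIN\Domain Users; an
                    # unresolved SID will not match and is skipped.
                    ($_.IdentityReference.Value -split '\\')[-1] -eq $Group
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        Folder        = $dir.FullName
                        Owner         = $acl.Owner
                        Identity      = $_.IdentityReference.Value
                        Rights        = $_.FileSystemRights
                        FullControl   = (($_.FileSystemRights -band $full) -eq $full)
                        InheritanceOn = -not $acl.AreAccessRulesProtected
                    }
                }
        }
}

Get-ExplicitGroupAce -Path $Root -Group $Group |
    Sort-Object Folder |
    Format-Table -AutoSize -Wrap
```

A row with `FullControl` true under a parent that grants the group read-only access is the case described in the thread.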