Today I have had to deal with an environment where I had to fix a lot of sysvol permissions, with a lot of different policies with different permissions.
I had begun doing it by hand using samba-tool ntacl set sddl-ACL patg, but I soon realized this was a nightmare . Thus I invested some time in creating a small script on python that at least did part of this for me:
import os import sys arg = sys.argv command = "samba-tool ntacl set " wp = os.getcwd() for dirname, dirnames, filenames in os.walk(wp): os.system(command + "\"" + arg + "\" " + "\"" + dirname + "\"") files = [f for f in os.listdir(dirname) if os.path.isfile(os.path.join(dirname,f))] for f in files: os.system(command + "\"" + arg + "\" " + "\"" + dirname + "/" + f + "\"")
With this at least I had to do it once per policy. Once done, I just created a bash script that got the path and the sddl from samba-tool ntacl sysvolcheck (and run the script above until this command were ok:
#!/bin/bash until samba-tool ntacl sysvolcheck 2>/dev/null do DIR=$(samba-tool ntacl sysvolcheck 2>&1 | grep ERROR | cut -d" " -f12) PERM=$(samba-tool ntacl sysvolcheck 2>&1 | grep ERROR | cut -d" " -f19) cd "$DIR" python script.py $PERM done
Hope this is useful if you were looking for this.
P.S. You can find the code in my github under GPLv2 as ever