Setting ACLs via Windows client

Anthony J. Breeds-Taurima tony at cantech.net.au
Tue Sep 18 20:35:03 GMT 2001 

On Mon, 17 Sep 2001, Michels, Gustavo [EES/BR] wrote:

> A little question about ACLs; my test server is set up with XFS and has
> support for ACLs. I have built the latest samba cvs source with acl support
> and as far as I can see from the configure results, acls were detected and
> were compiled.

<snip>

> Can anyone help me or tell me where I can find more detailed documentation
> on setting ACLs for Samba?

Okay, I'm not certain I understand you're environment completely BUT I am
fully able to set the ACL's on files (and dirs) from NT4.0/Win2k from the owner
account.  ie it isn't enough to have write access to the file you must be the
owner.

Try this
share /tmp via samba (only temporarily this is generally a bad idea.

[root at router /tmp]# touch acledfile
[root at router /tmp]# chown DOMAIN+USER1:DOMAIN+Domain\ Admins acledfile
[root at router /tmp]# chmod 0660 acledfile
[root at router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---

Then from the NT4.0/Win2k machine (logged in as USER) try to modify the ACL's.
it DOES work.

View the ACL,
[root at router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---

Then just change the owner to a different user note the is the _only_ change
you make
[root at router /tmp]# chown DOMAIN+USER2:DOMAIN+Domain\ Admins acledfile
[root at router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER2
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---

Now again on the NT4.0/Win2k workstation try to modify the ACL, it will fail.  This
is to be expected

Does that kinda, clarify what you can do with ACL's ???


Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */

More information about the samba mailing list