[Samba] Samba Share ACLs

John H Terpstra jht at samba.org
Wed Oct 29 22:08:08 GMT 2003 

On Wed, 29 Oct 2003, Douglas Phillipson wrote:

> Please See ACL related questions below...
>
> John H Terpstra wrote:
> > On Wed, 29 Oct 2003 Vahid.Asadi at computacenter.com wrote:
> >
> >
> >>Hi all,
> >>
> >> I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls.
> >> Chapter 13.1 of Samba-HOWTO-Collection describes:
> >>
> >> Samba offers a lot of flexibility in file system access management. These are the key access control facilities present
> >> in Samba today:
> >> 1) UNIX File and Directory Permissions
> >> 2) Samba Share Definitions
> >> 3) Samba Share ACLs
> >>    Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba.
> >>    Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions)
> >>    and can often do so with minimum invasiveness compared with other methods.
> >> 4) MS Windows ACLs through UNIX POSIX ACLs
> >>
> >
> >
> >> I have a question about Point 3 Samba Share ACLs. Do I need Linux file
> >> system ACLs in order to be able to define Samba Share ACLs.
> >
> >
> > No, you do not! You need to use the Server Tools, or the Nexus package
> > from Microsoft as documented in the HOWTO.
> >
> Are you saying here that you don't need the ACL patch in linux to do
> ACL's?

No. I am saying that you do NOT need the ACLs patch in order to be able to
set ACLs on shares using the Server Manager tool.

If you want file system ACLs, you DO need the ACLs patch in your kernel.

You asked specifically about ACLs on shares!

- John T.

> >
> >> If not I have problems to define ACLs on shares via Windows Explorer
> >> from a Windows XP Workstation. my environment:
> >
> >
> > Using the files extracted from the SRVTOOLS.EXE installation, in
> > particular the Server Manager, you must edit the permissions on the Shares
> > themselves.
> >
> >
> >> Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
> >> OpenLDAP 2.1.4 as suer repository.
> >> Samba 3.0 is configured as PDC.
> >>
> >> I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf.
> >> All defined access controls in smb.conf works fine.
> >
> >
> > You must log on as the Administrator for the Domain (root).
> >
> >
> >> I try to set ACLs on following Share:
> >>
> >> [Test-Share]
> >>   path=/home/Test-Share
> >>   public = yes
> >>   printable = no
> >>   writeable = yes
> >
> Do you have to have "nt acl support = yes" in any share that will have
> it's acl's changed by the "server tools"?
>
> >
> > This is an example of setting share definition controls.
> >
> > - John T.
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list