Linux "NT" fileserver to interact with an NT PDC (including A CL a nd group permissions)

Mayers, P J p.mayers at
Thu Nov 18 13:27:15 GMT 1999

No, this isn't possible. You might want to investigate the ext2 ACL patch
(, which would allow you to set more than
(owner,group.other) triples. Samba doesn't yet (I think) support this, so
you can't change the ACLs with (say) Explorer, but I think Jeremy Allison
was working on it.


> -----Original Message-----
> From:	Paul Rogers [ at]
> Sent:	Wednesday, November 17, 1999 9:01 PM
> To:	Multiple recipients of list SAMBA-NTDOM
> Subject:	Linux "NT" fileserver to interact with an NT PDC (including
> ACL a nd group permissions)
> Hi,
> I've been using samba for ages now on my workstation to interact with our
> NT
> network. I rather foolishly suggested that we should have a Linux
> fileserver
> with a RAID-5 system, instead of the NT PDC because it is starting to
> become
> overworked (ahhhh Windows can't cope - again!). I've setup Samba 2.0.3
> correctly to authenticate with our NT PDC on my workstation and all is
> hunky-dory until someone mentioned about NT's ACLs and Group permissions.
> It
> is required by the powers above me that any Group Permissions setup on the
> NT PDC are adhered to by the fileserver (in this case to be a Linux box
> running samba).
> Now this is the crunch bit (because the solution may or may not have
> appeared on this list before - I apologise if this is a repeated
> question).
> If I have an NT fileserver and a Linux fileserver (running SMB), I setup a
> folder within a share that is created on both machines. Within this folder
> I
> place three files (on to both the NT and Linux server). On the NT
> fileserver, I can change the permissions by changing what groups/users
> have
> Read, Change, etc... control in the Permissions tab in the Properties
> window
> (right click on the file). Also I can change Group membership on the NT
> and the NT server will follow what the Group lists say on the NT PDC. Can
> I
> do the same with the Linux fileserver (i.e. changing the permissions on
> each
> file so that they are different - i.e. varying groups have varied degrees
> of
> access to the files).
> Imagine:
> PDC:
> Group called Sales which has user1 and user2 belonging to it
> Group called Tech which has user3 and user4 belonging to it
> NT:
> Home directories shared as \\testbox\home from C:\HOME
> Directory called products - C:\HOME\products (\\testbox\home\products)
> Under NT I can modify the permissions on the products directory to be
> readable by the group Tech and read-write access to the group Sales.
> Therefore everyone else has no access to this directory.
> Linux:
> Home directories shared as \\testbox2\home from /home
> Directory called products - /home/products (\\testbox2\home\products)
> Under Linux how would I setup samba to have multiple permissions setup
> over
> multiple groups, because under linux, you can have users belonging to
> multiple groups, but files / directories can only be owned by one group.
> The
> products directory would belong to the group Sales hence owned by
> user1.Sales and the permissions in octal would be 770 disallowing access
> from everyone. But this will not allow for the technical group to have
> read-only access
> Is it possible for a samba share on linux to be able to use the NT
> Groups/Permissions setup on the PDC?
> You're confused aren't you? - I know I am!
> 	Paul Rogers,
> 	Development Analyst.
> 	For and on behalf of MIS Corporate Defence Solutions Limited
> 	Tel:	44 (0)1622 723400	Switchboard
> 		44 (0)1622 723422	Direct Line
> 	Fax:	44 (0)1622 728690
> 	e-mail : at < at>
> 	web site : <>
> The information contained in this message or any of its attachments may be
> privileged and confidential and intended for the exclusive use of the
> addressee. If you are not the addressee any disclosure, reproduction,
> distribution or other dissemination or use of this communications is
> strictly prohibited. If you have received this transmission in error,
> please
> contact our Security Manager on 44 (0) 1622 723400.

More information about the samba-ntdom mailing list