NT file-permissions

Oliver Raupach oliver at mm.gop.de
Tue Jul 20 20:03:21 GMT 1999

"Cole, Timothy D." wrote:
> Hrm; are you talking about "faking" full ACLs in Samba itself (probably
> using metadata stored in files someplace)

Yes, that's exactly what I need. 

I need a "special share" which supports the NT file permissions. So, I 
can add quick some users for read or write access for one single file 
or directory without building UNIX-groups....

> I'm don't think the former is a good idea:  it causes the burden of access
> control to fall on Samba, rather than the OS.  Among other things, that
> would allow (indeed, require, if the underlying OS did not support ACLs) the
> access granted by Samba and the OS to get out of sync.

Yes, thats right. Samba has to do the whole access control stuff.
Probably there
would be a special share like this:

    comment = Foo Stuff
    path = /samba_fs/foo
    full NT acl = yes
    acl file = /samba_fs/acl/foo_acl.dbm
    force user = foo_user
    force group = foo_group

"full NT acl" switch on the NT ACL support and "acl file = ...." is a
holding the NT ACL information. This database can only changed from NT
NT exporer....


  Oliver Raupach

More information about the samba-technical mailing list