Setting ACLs via Windows client

David Brodbeck DavidB at
Mon Sep 17 13:44:02 GMT 2001

I've been having the same problem with Windows NT 4 clients, Samba 2.2.1a,
and ext2fs with the ACL patches.  I can set the ACLs just fine with setfacl,
and the clients honor them, but I can't set them from NT.  It just silently
fails.  I've asked about this a few times on the list and gotten basically
no response, but I'm hoping maybe it'll be fixed in 2.2.2 because it's a
major annoyance.  I'm running Samba 2.2.1a with winbindd from an older HEAD

Setting ACLs with setfacl isn't too hard, though it's a bit of a pain.  You
can do things like:

setfacl -m "g:DOMAIN+Programmers:rwx" foo

to add a group to the ACL list for a file or directory.  To set a default
ACL on a directory, just add a -d before the -m.  You can make changes
recursively with the -R switch.  Removing an entry is similar:

setfacl -x "g:DOMAIN+Programmers" foo

The only gotcha is that if you set UNIX permissions with chmod, they're
combined with the ACL permissions to create the most restrictive
interpretation.  So most of the time it's best to avoid chmod and use
setfacl to set those permissions, too.  (For example, 'setfacl -m g::rx

Interestingly enough, I have "map hidden = yes", and my NT clients can turn
the hidden bit on and off just fine, as long as they're the owner of the
file they're working on, but setting ACLs doesn't work.

-----Original Message-----
From: Michels, Gustavo [EES/BR]
[mailto:gustavo.michels at]
Sent: Monday, September 17, 2001 4:29 PM
To: samba at
Subject: Setting ACLs via Windows client


A little question about ACLs; my test server is set up with XFS and has
support for ACLs. I have built the latest samba cvs source with acl support
and as far as I can see from the configure results, acls were detected and
were compiled.

Note: I am using winbind to authenticate the users.

Can I set the acls permissions from a windows 2000 client? I am trying to do
this for a while without success... After I set the folder's permission in
windows (add any user/group from the domain), looking again from the client
does not show the change I have just made in the permissions... Anyone with
similar problems?

The folder is chmoded 01777 and I am trying to make this change using a
domain account declared as an admin user in smb.conf.

Here are the results of getfacl:

[root at splus001 files]# getfacl departments/
# file: departments/
# owner: root
# group: root

I also tried reading the manpages of setfacl but without any visible

Can anyone help me or tell me where I can find more detailed documentation
on setting ACLs for Samba?


To unsubscribe from this list go to the following URL and read the

More information about the samba mailing list