[Samba] ACLs and file/directory access permissions

John H Terpstra jht at samba.org
Tue Apr 29 16:49:24 GMT 2003

On Tue, 29 Apr 2003, Marek Bialoglowy wrote:

> Hello,
> I agree with you John. I don't claim it's samba-team's failure and I'm sorry
> if you understood me this way ... I should say "Extra ACLs" rather than
> "Proper ACLs". You do really great job there. I was just wondering if this
> kind of feature would be something useful in 'samba', just as some extra
> option. Probably if I would review this idea and think in perspective of
> implementation I could found it quite useless.

I was not in any way upset or irritated by your comments. You happen to
have echoed the very sentiment of feedback we receive a goodly amount of.
I can understand the demand for NT ACLs. To those who come from a pure MS
Windows networking environement the ACLs support in Samba is deficient.

> As far as I know samba is supporting xfs ACLs (if I'm right) and I believe
> this is already something great. I would already use ACLs with ext3 but I
> there are many notes saying that it is still too early.
> "SuSE Linux 8.1 supports ACLs on the ext2 and ext3 file systems. ACL support
> is also present in xfs and jfs, but using ACLs with either xfs or jfs is not
> recommended at this point, because there are known issues on both file
> systems."

I have been using POSIX ACLs on Linux for a long time. SuSE and Mandrake
both support this out of the box. All you need to do is mount with the
appropriate ACL support. I assumed that to be common knowledge in my

The issue I addressed in my reply to you is that even POSIX ACLs does NOT
give you 100% of what you are asking for. You are asking for 100%
compliant MS Windows NT ACLs so that you can do 100% of what you can in a
pure MS Windows NT environment using NT File Manager (Windows Explorer).

> That's why I was looking for other option and start thinking if I could
> somehow implement it in samba.

That is what I addressed in my comments to you. If you can not store NT
ACLs in the file system itself then the only other way is in a separate
database. IF you do that, then how will you keep that database current
with file system changes made in the Unix/Linux environment itself?

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list