[Samba] Samba Share ACLs

John H Terpstra jht at samba.org
Wed Oct 29 18:31:37 GMT 2003 

On Wed, 29 Oct 2003 Vahid.Asadi at computacenter.com wrote:

> Hi all,
>
>  I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls.
>  Chapter 13.1 of Samba-HOWTO-Collection describes:
>
>  Samba offers a lot of flexibility in file system access management. These are the key access control facilities present
>  in Samba today:
>  1) UNIX File and Directory Permissions
>  2) Samba Share Definitions
>  3) Samba Share ACLs
>     Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba.
>     Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions)
>     and can often do so with minimum invasiveness compared with other methods.
>  4) MS Windows ACLs through UNIX POSIX ACLs
>

>  I have a question about Point 3 Samba Share ACLs. Do I need Linux file
>  system ACLs in order to be able to define Samba Share ACLs.

No, you do not! You need to use the Server Tools, or the Nexus package
from Microsoft as documented in the HOWTO.

>  If not I have problems to define ACLs on shares via Windows Explorer
>  from a Windows XP Workstation. my environment:

Using the files extracted from the SRVTOOLS.EXE installation, in
particular the Server Manager, you must edit the permissions on the Shares
themselves.

>  Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
>  OpenLDAP 2.1.4 as suer repository.
>  Samba 3.0 is configured as PDC.
>
>  I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf.
>  All defined access controls in smb.conf works fine.

You must log on as the Administrator for the Domain (root).

>
>  I try to set ACLs on following Share:
>
>  [Test-Share]
>    path=/home/Test-Share
>    public = yes
>    printable = no
>    writeable = yes

This is an example of setting share definition controls.

- John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list