[Samba] Request for ACL experiences

Douglas Phillipson phillipd at oem.doe.gov
Wed Oct 29 20:13:42 GMT 2003

I'm having trouble with ACL's and wonder how many others are too.  I see 
conflicting answers and comments about different aspects of ACL's from 
many people on the list.  I was wondering if ANYONE is successfully 
using ACL's with Samba 3.0 or above.

Questions I have that I'm sure many are asking are:

Was your Samba server configured as the DC?

What client OS were you setting ACL's on the Samba Share with? (Win2000, 
XP) What service pack (SP4 on Win2000???)

Did you have to have the ACL kernel patch?

Did you need "nt acl support = yes" in each share definition?

How did you set up your shares? (Working share Examples are good)

Did you have to use the "server Tools" downloaded from Microsoft or 
could you simply right click on a file/folder and change the security ACL's?

How are you verifying the ACL's actually work?  Did you fully test any 
ACL you set through Windows by actually trying to make a user access a 
file to see that his access matched the ACL you set?

What was the scope of what you could really do with ACL's?

What didn't work with ACL's that you thought should?

Are you comparing the windows ACL's to the output of getfacl?

Could you use ACL's to add users to Samba printers?

How did you add Samba printers as Domain resources so you could add 
ACL's to them?  Or did you need to do this?

Did you have to do any setfacl commands in Linux?

Did you have to run winbind?

Did you have to do any "net groupmap" commands to make ACL's work?

I.E. net groupmap modify ntgroup="Domain Admins" unixgroup=root

Were there any commands/configurations you had to use to make ACL's work 
that were not covered in the 3.0 HowTo?

I think we could use some real world working examples here.  Please be 
VERY explicit and complete with concrete examples.  Assume those reading 
your answers are NOT experts!  If you see any missing questions that you 
think might be useful to using ACL's, please add them!


Doug P
