[Samba] Samba Share ACLs

John H Terpstra jht at samba.org
Thu Oct 30 19:25:15 GMT 2003


On Wed, 29 Oct 2003, Douglas Phillipson wrote:

> Please See ACL related questions below...
>
> John H Terpstra wrote:
> > On Wed, 29 Oct 2003 Vahid.Asadi at computacenter.com wrote:
> >
> >
> >>Hi all,
> >>
> >> I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls.
> >> Chapter 13.1 of Samba-HOWTO-Collection describes:
> >>
> >> Samba offers a lot of flexibility in file system access management. These are the key access control facilities present
> >> in Samba today:
> >> 1) UNIX File and Directory Permissions
> >> 2) Samba Share Definitions
> >> 3) Samba Share ACLs
> >>    Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba.
> >>    Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions)
> >>    and can often do so with minimum invasiveness compared with other methods.
> >> 4) MS Windows ACLs through UNIX POSIX ACLs
> >>
> >
> >
> >> I have a question about Point 3 Samba Share ACLs. Do I need Linux file
> >> system ACLs in order to be able to define Samba Share ACLs.
> >
> >
> > No, you do not! You need to use the Server Tools, or the Nexus package
> > from Microsoft as documented in the HOWTO.
> >
> Are you saying here that you don't need the ACL patch in linux to do
> ACL's?

How much more clear do I need to be?

I have written the HOWTO and clearly explained what you need to do to set
ACLs on Shares. Then you ask about this because it is not clear enough.

Let me try one final time:

1. If you want to set ACLs on Files and Directories, then you must have
ACLs support in your OS.

2. If you want to set ACLs on Shares, then you do NOT need ACLs support in
your kernel, you DO need to use the MS Server Manager to set ACLs on a
share.

3. If you want to force permission in a share definition you do NOT need
ACLs in your kernel.


I hope this is clear enough?


> >
> >> If not I have problems to define ACLs on shares via Windows Explorer
> >> from a Windows XP Workstation. my environment:
> >
> >
> > Using the files extracted from the SRVTOOLS.EXE installation, in
> > particular the Server Manager, you must edit the permissions on the Shares
> > themselves.
> >
> >
> >> Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
> >> OpenLDAP 2.1.4 as suer repository.
> >> Samba 3.0 is configured as PDC.
> >>
> >> I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf.
> >> All defined access controls in smb.conf works fine.
> >
> >
> > You must log on as the Administrator for the Domain (root).
> >
> >
> >> I try to set ACLs on following Share:
> >>
> >> [Test-Share]
> >>   path=/home/Test-Share
> >>   public = yes
> >>   printable = no
> >>   writeable = yes
> >
> Do you have to have "nt acl support = yes" in any share that will have
> it's acl's changed by the "server tools"?

No, you do NOT need to set "nt acls support = yes" to set ACLs on shares.
This feature has been deprecated and is no longer supported in
Samba-3.0.0.

>
> >
> > This is an example of setting share definition controls.
> >
> > - John T.
>
>

- John T.
-- 
John H Terpstra
Email: jht at samba.org



More information about the samba mailing list