[Samba] Samba Share ACLs

John H Terpstra jht at samba.org
Thu Oct 30 21:28:59 GMT 2003 

On Thu, 30 Oct 2003, Adam Williams wrote:

> > > >> I have a question about Point 3 Samba Share ACLs. Do I need Linux file
> > > >> system ACLs in order to be able to define Samba Share ACLs.
> > > > No, you do not! You need to use the Server Tools, or the Nexus package
> > > > from Microsoft as documented in the HOWTO.
> > > Are you saying here that you don't need the ACL patch in linux to do
> > > ACL's?
> > How much more clear do I need to be?
> > I have written the HOWTO and clearly explained what you need to do to set
> > ACLs on Shares. Then you ask about this because it is not clear enough.
> > Let me try one final time:
> > 1. If you want to set ACLs on Files and Directories, then you must have
> > ACLs support in your OS.
> > 2. If you want to set ACLs on Shares, then you do NOT need ACLs support in
> > your kernel, you DO need to use the MS Server Manager to set ACLs on a
> > share.
> > 3. If you want to force permission in a share definition you do NOT need
> > ACLs in your kernel.
> > I hope this is clear enough?
>
> Huh?  So do I need ACL support in Samba..... :)

If you have ACLs support in your kernel, and you want to access them from
a Windows client (ie: using Samba), then YES you need to link Samba with
the acls-devel libraries.

If all that you want is ACLs on shares, then NO, you do not need to link
samba with the acls-devel libraries.

>
> > > Do you have to have "nt acl support = yes" in any share that will have
> > > it's acl's changed by the "server tools"?
> > No, you do NOT need to set "nt acls support = yes" to set ACLs on shares.
> > This feature has been deprecated and is no longer supported in
> > Samba-3.0.0.

Oops! Poops! You've all got me! Sorry. "nt acls support" is still in use.
I checked the smb.conf man page and found it missing. This proves that the
docs need to be updated - there's a bug in the docs.

> Table 13.3 still lists "nt acl support" listed, and it is mentioned
> several times in 13.4 & 13.5 (at least in my version of the HOWTO PDF).

Yup. Correct. Thanks for speaking up!

> It is not listed in the "Removed Parameters" (30.3.1) section;  which it
> should be if it is deprecated?\

Nor should it be. I goofed up!

> Maybe this facilitates some of the confustion.

Oh, yes!

> Or my version of the PDF is too old.

They all are. A new one will be issued with samba-3.0.1.

- John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list