[Samba] ACL questions

Cisowski, Daniel daniel.cisowski at eds.com
Fri Feb 18 11:44:48 GMT 2005

Hi all,

I'm planning a migration from Sun Microsystems' PCNetLink CIFS service to
Samba and have a problem I cannot solve:

Is there a possibility to map Windows ACLs to reflect the following:

We have user groups with their own group directories. We need to provide
some users in their group directories the ability to
read/create/modify/remove files, but they must not be able to change
permissions on the files/directories. In particular they must not take
ownership of files they are not owners of.

I've tried to test this using Samba 3.0.10 on Solaris 9 and compiled with
--with-acl-support. The configuration for my test share has the following
ACL relevant settings:
	security mask = 0777
	force security mode = 0
	directory security mask = 0777
	force directory security mask = 0
But, if I try to set the following permissions (all except Full Control):
	Read & Execute
	List Folder Contents
using Windows Explorer connected to the share on a subdirectory of the
share, I get 777 on UNIX file system and my Windows client sees 'full

I'd be glad if anybody could confirm if the situation described above is
normal Samba behavior or not and if my problem can be solved at all (using

Thanks in advance

Best regards,


Daniel Cisowski
EDS Operations Services GmbH
Eisenstr. 58 (58-5-M)
D-65428 Ruesselsheim
mailto:daniel.cisowski at eds.com
jabber:daniel.cisowski at eim.eds.com

More information about the samba mailing list