[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba

Juer Lee juer.lee at plasmon.ie
Wed Mar 2 08:31:36 GMT 2005

This issue is not caused by that the client user doesn't have privilege to
set ACLs. 'admin users' won't help

-----Original Message-----
From: brennion at buerstner.com [mailto:brennion at buerstner.com] 
Sent: Wednesday, March 02, 2005 16:00
To: jerry at samba.org; juer.lee at plasmon.ie
Cc: samba at lists.samba.org
Subject: AW: [Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba

I'm not an expert on that, but did you tried the following settings on
smb.conf for your share :

admin users = NTDOMAIN+Administrator
valid users = .....

I think this is necessary to use ACL with samba and ntdomain...

-----Ursprüngliche Nachricht-----
Von: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Gesendet: Montag, 28. Februar 2005 16:43
An: Juer Lee
Cc: samba at lists.samba.org
Betreff: Re: [Samba] Samba - NT ACL implemented by Unix Posix ACL via

Hash: SHA1

Juer Lee wrote:

| 1.       Why Samba always think the owner always
| has 'READ' access right on a file, 'READ and WRITE' access
| rights on a directory? I checked the code of
| posix_acls.c, those bits are OR-ed by default

It was a workaround for some empty nttrans_set_security_descriptor()
requests IIRC.  Mostly had problems with profiles becoming

| 2.       Try to create a folder via the Samba
| Win2k client(make sure there are only base permissions
| on it - no any ACLs), right click on the folder and go
| to 'Security' tab, choose the owner in the name table,
| tick some check-boxes in column 'Allow' and
| click 'Apply', you will see two more entries 'CREATOR OWNER'
| and 'CREATOR GROUP' are displayed - I understand this
| is caused  by that the default ACLs are created.
| ut why the default ACLs for the owner is NOT created??
| The default ACLs can only be created when the
| former steps are repeated.

If I understand your question correctly, it is because Samba
only translates the acls as they exist on disk.  You can
setup the default acls from a shell prompt if you like.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list