[Samba] Re: Samba & ACLs?

Chuck Kollars ckollars9 at yahoo.com
Fri Aug 24 01:49:34 GMT 2007


> From: Chuck Kollars <ckollars9 <at> yahoo.com>
> Subject: Samba & ACLs?
> Date: 2006-08-19 02:46:45 GMT 

> How exactly do Samba 3.x and ACLs interrelate? ... 
> I started out naively assuming that the *nix
> uidNumber/gidNumber Samba mapped the end user to 
> would behave exactly the same whether they were a 
> Samba user or were logged on locally. ...

After a year I think I understand well enough to
answer my own question (of course I may be wrong
anyway:-): The overdefined term ACL may refer to
_either_ Windows file permissions (including the NT
variant) _or_ the Linux/Posix file permissions
extension. In the Samba context questions about "ACL"s
can be indeterminate and often elicit answers from the
other point of view.  

At root, Samba does everything in terms of the Windows
ACL, then maps the result as best it can to *nix
permissions.

Samba offers a number of configuration options for
tweaking the way it handles Windows ACLs, including
some methods that have no exact analogue in the
Windows world. Samba lets you mash --within limits--
the *nix permission bits it calculates. Recent
versions of Samba are pretty good --again within
limits-- at being compatible with Linux/Posix ACLs and
assigning a Linux/Posix ACL to every file and folder
when it's created. 

But despite all the possible tweaks, the unchanging
core is that Samba always calculates the initial *nix
permissions according to its mapping of permissions
from the Windows world. So even though most of a
Linux/Posix ACL may be retained and even honored,
Samba ignores the  default:user::xxx  and 
default:group::xxx  parts of a  Linux/Posix ACL.
There's no way to configure Samba so it assigns
permissions to new files and folders _exactly_ the
same way a native Linux user would see them. 

thanks!


-Chuck Kollars


      ____________________________________________________________________________________
Luggage? GPS? Comic books? 
Check out fitting gifts for grads at Yahoo! Search
http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz


More information about the samba mailing list