[Samba] How to make "Add permission" for folder in system withntacl support?

John Drescher drescherjm at gmail.com
Wed Oct 31 17:52:45 GMT 2007

On 10/31/07, Georgy Goshin <gosha at inbox.ee> wrote:
> Hi!
> Let's go back to this topic please! I have to replace the Windows NT 4.0
> server with Samba but I still don't know how to do this. I need to allow to
> someone (some user group) the right to add files into the folder. They use
> this "feature" on current NT server ver often and to this in the following
> ways:
> 1. Rightclick on file you want to add, Copy, then go to server, for exaple
> (\\main\), locate the desired share name, rightclick on it and Paste.
> 2. Just drag the files you want to add to desired sharename.
> But when you will try to go in the same share, you will receive the
> "permission denied" message and will  not be able to read the files or just
> list them.
> Is there a way to make it with Samba or not?
Unless you are doing something weird this should be easy. The first
thing is to fix the unix filesystem permissions so that the users in
question have the correct acl and permissions (probably you need to
chmod 2775) so that if they were logged into the unix server they can
add files and folders to the same location that you are sharing out
via samba.

> > setfacl -m g:"ntadmins":rwx -R /home/ntadmins
> >
> > Now, the second type of permissions apply to any file (or directory) that
> > is created in /home/ntadmins:
> >
> > setfacl -m d:g:"ntusers":--- -R /home/ntadmins
> > The effect of the second setfacl command says that the group ntusers will
> > be explicitly given no access to any file or directory created in
> > /home/ntadmins.
> I tried to do this way but it create a subfile or subfolder readoble and
> writeable at lease by creator. In case with NT user who has a right only for
> adding files can not go into the folder and see and read the content there
> even if he just added this content into this folder or share.
> Please point me to the right way, thanks.
You need to post the details of your setup including of the
permissions on the unix side.


More information about the samba mailing list