[Samba] [acl] setting user/group permissions from windows

Heiko Harders heiko.harders at gmail.com
Thu Aug 7 12:21:55 GMT 2008


I've setup a samba PDC (3.0.31) and I am using Windows Vista clients.
Logging on works fine using roaming profiles and folder redirections.
I am also able to write to shares, etc.

Now I am trying to get the advanced permissions on files to work. So
on my share:

	comment = Shared directories
	path = /samba/share
	read only = No
	guest ok = Yes

With the following user rights in Linux:
drwxrwxr-x 5 nobody Domain Users 4096 2008-08-07 13:53 share

I create a directory called 'test' with the user 'tdummy'.
The permissions on this directory in Linux are now:
drwxrwxr-x  3 tdummy Domain Users    4096 2008-08-07 13:23 test

When I try to give the user 'mbuster' (also a member of the group
"Domain Users") a special set of user rights from windows (using the
security tab on the directory properties), I get the message that
access is denied (whatever rights I choose). So I thought lets try it
from the Linux side and I added some acl rights to that directory for
the user 'mbuster'. So a getfacl now shows:

# file: test
# owner: tdummy
# group: Domain\040Users

But the user permissions for 'mbuster' are not shown in the security
tab of the windows file properties. So this does not seem to work (is
it supposed to work like this?).

I have build samba with the --with-acl-support option. In my fstab,
the options acl and user_xattr are used. My smb.conf can be found

So, I have a properly working domain, users can log on, they can
create/delete/modify files on their home directories and the shared
directories, but I am not able to change acl permissions from windows
and if I change them from Linux with setfacl, they are not shown nor
do have any effect in Windows.

Does anybody know what I am doing wrong? Or can a extensive guide to
setup acl's properly be found somewhere (the guides I found were not
that extensive and didn't work for me)?


More information about the samba mailing list