[Samba] Re: [acl] setting user/group permissions from windows

Heiko Harders heiko.harders at gmail.com
Fri Aug 8 12:25:33 GMT 2008

I found the solution for my problem.
The first time I installed samba, I didn't have the header files for
acl installed (libacl1-dev). But after I installed them I did a

configure --with-acl-support
make install

This didn't work for me. But I gave it another try, but now I first did a

make clean

Before I configure/make/make installed samba.
Is this default behavior? Or could it be a bug?


2008/8/7 Heiko Harders <heiko.harders at gmail.com>:
> Hello,
> I've setup a samba PDC (3.0.31) and I am using Windows Vista clients.
> Logging on works fine using roaming profiles and folder redirections.
> I am also able to write to shares, etc.
> Now I am trying to get the advanced permissions on files to work. So
> on my share:
> [share]
>        comment = Shared directories
>        path = /samba/share
>        read only = No
>        guest ok = Yes
> With the following user rights in Linux:
> drwxrwxr-x 5 nobody Domain Users 4096 2008-08-07 13:53 share
> I create a directory called 'test' with the user 'tdummy'.
> The permissions on this directory in Linux are now:
> drwxrwxr-x  3 tdummy Domain Users    4096 2008-08-07 13:23 test
> When I try to give the user 'mbuster' (also a member of the group
> "Domain Users") a special set of user rights from windows (using the
> security tab on the directory properties), I get the message that
> access is denied (whatever rights I choose). So I thought lets try it
> from the Linux side and I added some acl rights to that directory for
> the user 'mbuster'. So a getfacl now shows:
> # file: test
> # owner: tdummy
> # group: Domain\040Users
> user::rwx
> user:mbuster:rwx
> group::r-x
> mask::rwx
> other::r-x
> But the user permissions for 'mbuster' are not shown in the security
> tab of the windows file properties. So this does not seem to work (is
> it supposed to work like this?).
> I have build samba with the --with-acl-support option. In my fstab,
> the options acl and user_xattr are used. My smb.conf can be found
> overhere:
> http://pastebin.ca/1094618
> So, I have a properly working domain, users can log on, they can
> create/delete/modify files on their home directories and the shared
> directories, but I am not able to change acl permissions from windows
> and if I change them from Linux with setfacl, they are not shown nor
> do have any effect in Windows.
> Does anybody know what I am doing wrong? Or can a extensive guide to
> setup acl's properly be found somewhere (the guides I found were not
> that extensive and didn't work for me)?
> Greetings,
> Heiko

More information about the samba mailing list