[Samba] Samba Scenario

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Jul 6 08:23:56 MDT 2010

Linux ext3 and ext4 file systems should support acl's, which allow for 
multiple users and groups and the more fine grained controls you are 
looking for.    The "setfacl" and "getfacl" commands should verify if 
this is working.

I am running Samba on Solaris with the zfs file system- so this is not 
exactly your situation.   However it does demonstrate that Unix-to-Samba 
ACL support does work  (although not always perfectly.)

"testparm -v | grep acl" should let you know which options are available 
for smb.conf

On 07/06/2010 10:12 AM, Hasnain Badami wrote:
> Hi All
> I have been asked by my company management to look into moving file share
> server from Windows 2003 server OS to Ubuntu 10.4 using Samba. I have
> successfully configured active directory authentication using winbind and
> have configured samba  and am able to access my file share successfully.
> The complication arise as a result of implementing ACL mappings on Linux, as
> I need fine grained control over specific subfolders and files. From what I
> have read, I cant map all 13 permissions to respective unix rwx permissions.
> I have a use case where a certain group called A has read write execute
> rights on a folder/file but they shouldnt be allowed to delete the specific
> folder/file. On windows, all I have to do is set up my security permissions
> to deny 'delete subfolders and files' and 'delete' and it works well. In
> linux world I understand I cant do this as the user has rwx permissions on
> the folder/file and he can do whatever he likes.
> I googled a lot around this issue and found that if you set up sticky bit on
> the directory I can still read and write from the file or directory and wont
> be able to delete it. It works in case of most document types but MS office.
>  From samba help I figured that "Word does the following when you
> modify/change a Word document: MS Word creates a new document with a
> temporary name. Word then closes the old document and deletes it, then
> renames the new document to the original document name." The url is
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2615334
> So
> if the sticky bit is set on the directory containing word files for
> instance, linux wont be able to delete the file (as required in write
> operations by MS office) and hence comes with an error.
> I shall be highly obliged if some one can shed light on this issue.
> Alternatively I would love to learn about other solutions for the use case
> mentioned.
> Thanks in advance
> Hass.

More information about the samba mailing list