[Samba] Restricting samba subfolder acl changes to admin users

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Oct 14 06:13:13 MDT 2010

On Thu, Oct 14, 2010 at 08:05:38AM -0400, suresh.kandukuru at emc.com wrote:
> I am talking about users who has write access  on the
> share, not necessarily owners of the file/sub folders in
> it.  can we disallow the (some) users who has write access
> on the share to change subfolder ACL's in it?. I want to
> give this ACL change permission only to specific set of
> users .  I think this is valid requirement in general use
> case.

Yes, I think this might be a valid use case, although Samba
does not right now do this. It would require a patch to add
this capability along the lines of "valid users" etc.

However, I think this might cause quite a few problems. For
example, if you make such a share available offline,
disallowing setting of ACLs will cause severe problems when
clients synchronize their data. Moreover, some applications
like for example Microsoft Excel explicitly set the ACL when
saving files. You need to check if disallowing this does not
cause you trouble.


More information about the samba mailing list