[Samba] [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ?

Shirish Pargaonkar shirishpargaonkar at gmail.com
Thu Oct 6 06:54:20 MDT 2011

On Thu, Oct 6, 2011 at 4:40 AM, Xavier Roche <roche+kml2 at exalead.com> wrote:
> Hi folks,
> This may sound like a really stupid question, but I could not find any way
> to somehow map remote Windows ACLs into POSIX ACLs (mapping users and group
> SIDs to Unix mapped ids) when mounting a remote share (mount.cifs) on a
> Linux box.
> Is is something not currently implemented ? The smbcacls tool can show the
> actual ACLs remotely, but this information is not exposed to the mounted
> filesystem apparently. The acl feature of the client seem to be an extension
> to CIFS allowing to handle POSIX ACLs, not something allowing a mapping.
> Any insightful remark or documentation would be welcome!
> [ Note: the only potential issue when mapping would be related to deny ACLs
> (AceType == ACCESS_DENIED_ACE_TYPE) ; something which is not mappable to
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Currently cifs client maps DACL to Linux permission model
but not to POSIX ACL model.

You will need a kernel built with cifs_cifsacl config option
(because it is still maexperimental) and current cifs-utils package.
The manpages in that cifs-utils package will have info on how
to use mount option cifsacl and how to setup id mapping
(using winbind).

The current cifs-utils package has two binaries, getcifsacl
and setcifsacl, modeled after smbcacls.

Hope that helps. You may direct any further questions/concerns
to linux-cifs at vger.kernel.org mailing list.



More information about the samba mailing list