[Samba] Group permissions issues with winbind on

Craig Cameron Craig.Cameron at iongeo.com
Mon Jul 23 10:00:57 MDT 2012

Simple group permissions don't seem to work when winbind is running and smb.conf has "nt acl support = yes"

If you have a directory that is writeable by a group you are a member of - but you are not the file owner - you cannot delete any files underneath the directory (even if you do own them). However you can edit and save the files - just not delete them.

This also applies when using an extended ACL for the group, viz:

mkdir test
setfacl -m o::0,d:o::0,g::rwx,d:g::rwx test
chown user2:mygroup test

running getfacl test shows -

file: test
owner: user2
group: mygroup

However this results in Windows 7 returning the error "You do not have permission to access this" even though I am also a member of mygroup.

Stopping winbind or changing smb.conf to "nt acl support = off" makes it work correctly.

Access under Linux works as expected.

Can anyone shed light on this or point me to a fix?



This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original.

More information about the samba mailing list