[Samba] ACLS without winbind (but WITH correct user mapping)

steve steve at steve-ss.com
Fri Jun 22 05:22:23 MDT 2012

On 22/06/12 12:50, Colin Fowler wrote:
> On 22/06/12 11:46, steve wrote:
>> On 22/06/12 11:41, Colin Fowler wrote:
>>> On 21/06/12 17:50, Jeremy Allison wrote:
>>>> On Thu, Jun 21, 2012 at 05:50:45PM +0100, Colin Fowler wrote:
>>> Am I corect in thinking that this is something that would be desireable
>>> for others and not just me and my rather oddball configuration? For
>>> people using standalone servers, NSS/LDAP etc and any other places where
>>> winbind is not used, this would be a rather useful feature, no?
>> Hi Colin, Hi Jeremy
>> I don't think it's so oddball. We also use nss for our rfc2307
>> mappings from the S4 directory for Linux clients joined to the domain.
>> It works perfectly via NFS to Linux but acls on shares on s3fs between
>> Linux and windows are not quite right.
>> Colin: Are you talking about setting an acl on windows and it being
>> honoured by Linux and vica versa?
>> Jeremy: are you saying that acl mappings 'both ways' only work with
>> winbind?
>> If so, a big +1 from me to get the 'both' ways working. Very
>> desirable. Maybe this will get easier when we can put stuff like
>> create mode= and force group= in smb.conf.
>> Cheers,
>> Steve
> Hi Steve, yes, I'd like users to be able to set an ACL in Windows for a
> domain user and for it to be honoured in Linux for the mapped Unix user.
> Currently if I set an ACL in Linux for the Unix user, it actually
> appears correctly in the security dialog box on windows. I just can't
> set a new ACL from Windows.
> regards,
> Colin
Hi Colin
That's interesting. I have a bugzilla open on something similar:


So, when a user creates a file, e.g. in his home folder in windows, do 
the acl and permissions appear correct back on the fileserver or when 
the same file is viewed on a Linux client?


More information about the samba mailing list