[Samba] ACLS without winbind (but WITH correct user mapping)

Colin Fowler cfowler at scss.tcd.ie
Fri Jun 22 06:14:15 MDT 2012

On 22/06/12 12:22, steve wrote:
> On 22/06/12 12:50, Colin Fowler wrote:
>> On 22/06/12 11:46, steve wrote:
>>> On 22/06/12 11:41, Colin Fowler wrote:
>>>> On 21/06/12 17:50, Jeremy Allison wrote:
>>>>> On Thu, Jun 21, 2012 at 05:50:45PM +0100, Colin Fowler wrote:
>>>> Am I correct in thinking that this is something that would be desirable
>>>> for others and not just me and my rather oddball configuration? For
>>>> people using standalone servers, NSS/LDAP etc and any other places where
>>>> winbind is not used, this would be a rather useful feature, no?
>>> Hi Colin, Hi Jeremy
>>> I don't think it's so oddball. We also use nss for our rfc2307
>>> mappings from the S4 directory for Linux clients joined to the domain.
>>> It works perfectly via NFS to Linux but acls on shares on s3fs between
>>> Linux and windows are not quite right.
>>> Colin: Are you talking about setting an acl on windows and it being
>>> honoured by Linux and vice versa?
>>> Jeremy: are you saying that acl mappings 'both ways' only work with
>>> winbind?
>>> If so, a big +1 from me to get the 'both' ways working. Very
>>> desirable. Maybe this will get easier when we can put stuff like
>>> create mode= and force group= in smb.conf.
>>> Cheers,
>>> Steve
>> Hi Steve, yes, I'd like users to be able to set an ACL in Windows for a
>> domain user and for it to be honoured in Linux for the mapped Unix user.
>> Currently if I set an ACL in Linux for the Unix user, it actually
>> appears correctly in the security dialog box on windows. I just can't
>> set a new ACL from Windows.
>> regards,
>> Colin
> Hi Colin
> That's interesting. I have a bugzilla open on something similar:
> https://bugzilla.samba.org/show_bug.cgi?id=8938
> So, when a user creates a file, e.g. in his home folder in windows, do 
> the acl and permissions appear correct back on the fileserver or when 
> the same file is viewed on a Linux client?
> Cheers,
> Steve

Hi Steve, I'm running Samba 3.6.5 currently, not 4.0 and I'm running 
without winbind. When a user in windows (DOMAIN\bob) creates a file, it 
appears on linux as owned by the unix user bob. There's no acls on the 
file, just a file with the ownerships of bob and bob's primary group 
(staff). If on Linux I add an ACL for the user tom via setfacl, I can 
see the user tom in the security list in Windows as (Unix User\tom). 
What I can't do is add ACLs from windows.

