[Samba] How to set ACLs with Samba4 AD?

Innocent Yevide inyevfr at yahoo.fr
Fri Jan 18 14:01:01 MST 2013

Hello Lee,

I am not sure I understand what is your real need. but If you don't want to use samba-tool, you can use windows explorer to set your acls...

assuming you have your file system supporting xattr, you can connect to your share drive from windows with a privileged account like the administrator. and then right click on the folder / property / security. you should be able to set/reset acls for users and groups....

what I used to do, is create my folder, give full priviledge and even acls (OS level) for all on that folder, and then as Admin on windows, I remove and set privilege for only those who need it.

You might need the following under your shared folder in smb.conf: vfs objects = acl_xattr



 De : Lee Allen <lee at leecallen.com>
À : samba at lists.samba.org 
Envoyé le : Vendredi 18 janvier 2013 22h12
Objet : [Samba] How to set ACLs with Samba4 AD?
I apologize if this is very beginner/basic.  In my defense, I can't get the
Samba4 documentation to compile on my system, and I can't find the man
pages online (a pointer to them would be extremely helpful).

And in general, I am having difficulty sorting through the documentation on
the wiki because much of it is clearly pre-Samba4 and therefore obsolete,
or at least questionable.  It's hard to know what is relevant.

Most of the posts I see here seem to be much better informed than I am.  I
would love to know how they obtained their knowledge.

So here is my question:
I am running Samba4 as an AD and file server.  How do I define ACLs for the
samba shares, for domain users & groups?
These users and groups are not defined on the underlying OS (CentOS 6.3).
It seems the answer is to do it via the underlying filesystem, but how is
that possible when the domain users & groups are not defined in the OS?

I see samba-tool has some ACL get/set capability.  Is that the answer?

Or is there some special magic to get CentOS to control file access by
referring to the Samba4 AD?

Many thanks in advance for any help.

And I would be very grateful for pointers to Samba4 introductory or
background material (I have used the HOW-TOs extensively).

Lee Allen
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list