[Samba] How to set ACLs with Samba4 AD?

Lee Allen lee at leecallen.com
Sat Jan 19 10:27:30 MST 2013

Inno, that works very well - thank you!

It's not that I don't want to use samba-tool to maintain ACLs, I don't know
how to -- I cannot find any documentation on the program.  I have
successfully compiled all of Samba4 but the docs will not compile on my

If anybody can point me to a man page for samba-tool I would really
appreciate it.

Thanks again Inno!


On Fri, Jan 18, 2013 at 4:01 PM, Innocent Yevide <inyevfr at yahoo.fr> wrote:

> Hello Lee,
> I am not sure I understand what is your real need. but If you don't want
> to use samba-tool, you can use windows explorer to set your acls...
> assuming you have your file system supporting xattr, you can connect to
> your share drive from windows with a privileged account like the
> administrator. and then right click on the folder / property / security.
> you should be able to set/reset acls for users and groups....
> what I used to do, is create my folder, give full priviledge and even acls
> (OS level) for all on that folder, and then as Admin on windows, I remove
> and set privilege for only those who need it.
> You might need the following under your shared folder in smb.conf: vfs
> objects = acl_xattr
> Regards,
> Inno.
>   ------------------------------
> *De :* Lee Allen <lee at leecallen.com>
> *À :* samba at lists.samba.org
> *Envoyé le :* Vendredi 18 janvier 2013 22h12
> *Objet :* [Samba] How to set ACLs with Samba4 AD?
> I apologize if this is very beginner/basic.  In my defense, I can't get the
> Samba4 documentation to compile on my system, and I can't find the man
> pages online (a pointer to them would be extremely helpful).
> And in general, I am having difficulty sorting through the documentation on
> the wiki because much of it is clearly pre-Samba4 and therefore obsolete,
> or at least questionable.  It's hard to know what is relevant.
> Most of the posts I see here seem to be much better informed than I am.  I
> would love to know how they obtained their knowledge.
> So here is my question:
> I am running Samba4 as an AD and file server.  How do I define ACLs for the
> samba shares, for domain users & groups?
> These users and groups are not defined on the underlying OS (CentOS 6.3).
> It seems the answer is to do it via the underlying filesystem, but how is
> that possible when the domain users & groups are not defined in the OS?
> I see samba-tool has some ACL get/set capability.  Is that the answer?
> Or is there some special magic to get CentOS to control file access by
> referring to the Samba4 AD?
> Many thanks in advance for any help.
> And I would be very grateful for pointers to Samba4 introductory or
> background material (I have used the HOW-TOs extensively).
> Lee Allen
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

*Lee Allen*
email: lee at leecallen.com
bus: (716) 773-2729
home: (716) 773-2326
cell: (716) 880-0854
fax: (716) 408-8844

More information about the samba mailing list