[Samba] Using Windows ACL on a samba3 share

?icro MEGAS micromegas at mail333.com
Wed May 8 03:19:31 MDT 2013

Hello folks,

I have some directories within a samba 3.x share which I want to give granulated security settings for various users and groups. I could use of course "setfacl" and POSIX ACLs to accomplish that, but some of these ACL should be also able to be set by some users. These users of course has no access to my linux host where samba3 is running, so they only can do that by right-clicking the directory/file and set the permissions through Windows explorer. Unfortunately this doesn't work in our case. My filesystem where the samba3 shares reside on is mounted with acl and xattr and I have double-checked that. Posix ACLs work fine. But as soon as the owner of a directory or file tries to add some other users with access on it, the change is not applied after clicking on the button "Apply". It looks like the windows client cannot set these security settings. My share looks like that:

              path = /disk01/share1
admin users =  "@Domain Admins"
              read only = No
              create mask = 0775
              directory mask = 0775
              nt acl support = yes
              vfs objects = acl_xattr
              invalid users = @restricted

the command "mount" shows:

/dev/xvdb1 on /disk01 type ext4 (rw,acl,user_xattr)

What am I doing wrong, why this doesn't work? Any help appreciated.

Thanks in advance,

More information about the samba mailing list