[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC

[Adam Thorn]

Ulrich Schneider <man at ulrichschneider.de> wrote:

>OK, I read a lot lot today ... last time I read samba manuals has been
>a 
>while ...
>
>so new to me is ... acls in the file system.
>
>so is this correct, I can adapt windows file security settings directly
>
>in windows ... and somehow mysteriously ... same thing is done in the 
>unix file system?

You began by asking about restricting access to shares, which is what the "valid users" option is for. That's compeletly independent of filesystem ACLs - it is, for example, entirely possible to permit all users access to a samba share, but set the filesystem permissions to deny read access (in which case a user can connect, but cannot see any files). The "valid users" setting is the same thing as saying in Windows "share this folder with..."

If you want to do more complex things with ACLs (like using the Windows security dialog box), you also need to set "nt acl support=yes" in the samba share config. That will only be useful if the filesystem you are sharing via samba supports ACLs, of course! I suggest looking at documentation on the getfacl and setfacl commands.

Adam