[Samba] File share permissions act different on member server than on DC
davor.vusir at live.se
Sat Oct 19 01:15:46 MDT 2013
From: Marc Muehlfeld
Sent: Tuesday, October 15, 2013 7:06 AM
To: Keith McCormick ; samba at lists.samba.org
Subject: Re: [Samba] File share permissions act different on member server than on DC
Am 15.10.2013 03:29, schrieb Keith McCormick:
> To enable my member server's ACLs to work just like the DC, as far as
> Windows is concerned, I needed to add the following parameters to the
> global section of smb.conf file on the member server:
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = Yes
> These parameters are apparently added in the background by default for
> the smbd processes that are spawned by samba. Until I added those items,
> just like you I could never get the ACLs to stick and work correctly.
> Many of them were incorrectly labeled, also, even though the number was
> correct and the same as on the DC.
> Something to note: I believe the vfs object parameter does require that
> xattrs work on the file system that you use.
Thanks for that information. I'll try that later and give feedback.
To unsubscribe from this list go to the following URL and read the
I'm running a combined DC and file server using LVM. Data is on different volumes. And to get rid of the annoying ACEs you first mentioned, Marc, I had to put the parameters Keith mentions in the section of the actual share.
root at ostraaros:/usr/src/samba-v4-1-test# more /etc/fstab
/dev/mapper/data-familjen /data/familjen ext4 acl,user_xattr 0 2
root at ostraaros:/usr/src/samba-v4-1-test# more /usr/local/samba/etc/smb.conf
path = /data/familjen
read only = No
csc policy = disable
map acl inherit = Yes
store dos attributes = Yes
vfs objects = recycle,acl_xattr
recycle:keeptree = Yes
recycle:versions = Yes
recycle:maxsize = 1073741824
More information about the samba