[Samba] chown destroys ACLs

Klaus Hartnegg hartnegg at gmx.de
Thu Jul 17 08:39:49 MDT 2014

On 17.07.2014 16:02, Rowland Penny wrote:
> You posted 'fs objects = acl_xattr' was this a typo?

The 'v' was lost in copy & paste.

> also do you have the 'attr' package installed.


> A quick test by creating a test dir by root and adding a users ACL with
> setfacl and then changing the owner and group via chmod & chgrp never
> touched the ACL.

Yes, but when ACL was changed in Windows, doing chown in Linux resets 
the Windows-ACL to the Linux-ACL. Is there a way to prevent this?

> Having said all that, why are you altering the ownership of the
> directories and files on Linux, set them (as per the wiki) once on
> linux, then set or change them from a windows client.
> If you don't have any windows clients, learn how to use setfacl.

I have *only* Windows clients, but each day some directories and files 
are created by a process that does not set owner and permissions. I 
tried to use setfacl, smbcacls, and samba-tool ntacl. None of them works:
- smbcacls fails to propagate inherited permissions.
- samba-tool says "ERROR: Unable to read domain SID"
- setfacl puts things into the Windows ACL that do not belong there, for 
example Unix Group, and other options cannot be set.

So I used icacls in Windows to set permissions and owner, although it is 
awfully slow when changing files on a Samba server. But when I then look 
at the files in Linux, they have the wrong owner. When I fix this with 
chown, then the Windows-ACL is gone. So I must first chown in Linux, 
then icacls in Windows, or accept that the owner shown in Linux is 

There should really be an easier way to do this.


More information about the samba mailing list