[Samba] dsacls

Quentin Gibeaux qgibeaux at iris-tech.fr
Tue Jul 29 04:17:38 MDT 2014

On 29/07/2014 12:05, Stuart Naylor wrote:
> Are there any deny tools with samba4? Like the below example?
> To set the permission to deny read access of the homePhone attribute on a single user object, you can use this command:
> dsacls <DN of object> /D <security principal>:RP;homePhone
> For our example, the command would look like this:
> dsacls "CN=Doe\, John,OU=newOU,DC=root,DC=net" /D root\
> non-HR-users:RP;homePhone
It seems samba-tool do this :

~# samba-tool dsacl
Usage: samba-tool dsacl <subcommand>

DS ACLs manipulation.

   -h, --help  show this help message and exit

Available subcommands:
   set  - Modify access list on a directory object.

More information about the samba mailing list