[Samba] Posix vs. Windows File/Directory Permissions
rowlandpenny at googlemail.com
Wed May 13 09:02:55 MDT 2015
On 13/05/15 13:38, Mike wrote:
> I want to get a better understanding of what's happening between the posix
> permissions and windows permissions.
Nothing happens between posix permissions (acls) and windows permissions
(ACLs), they are different, see:
On Unix, you can set read, write and execute/enter permissions for the
owner, group or others, so for a share to be readable by some user who
is neither the owner nor a member of the group allowed access, you must
set the Unix acls to 'rwxr-xr-x' or '755'. Now this is all well and good
if you just want to give others read access, but what if you want the
user to have write access as well?
If a share has the owner: group set to fred:unixgroup, you could add
george to the group 'unixgroup' and change the acls to rwxrwxr-x (775)
but then every member of the group 'unixgroup' will have write permissions.
The answer to this? Use windows ACLs, with these you could retain the
Unix acls and add george as a user that has write access, you can do
this from windows, or with setfacl:
setfacl -m u:george:rwx testdir
and to see the ACLs:
There is much more out there, just try a search on 'getfacl'
> I start with a Samba 4 AD DC with a share: /mnt/data
> All subfolders and files have permissions and ownership that look like:
> drwxrwxrwx. 539 root root 52K May 12 17:50
> The Samba 4 Admin and User accounts are not local users on the linux
> server; they are only AD domain accounts. The /mnt/data share is set read
> only = no. I thought the AD DC ignores the posix ownership and permission
> settings, and they are controlled by ADUC settings via windows tools. But
> when I chmod the directory to 0770:
> drwxrwx--- 539 root root 52K May 12 17:53
> I can no longer access the share /mnt/data using AD DC Admin or User
> Can I get an RTFM pointer that addresses what's happening in this example?
> Thanks for your help.
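
The three setups described in the reply above (755, 775 with george added to the group, and 755 plus a u:george:rwx entry), run through a simplified model of POSIX ACL evaluation. This is an added example, not part of the original message and not Samba code; fred, unixgroup, george and testdir come from the message, while alice (a second member of unixgroup) and all function names are assumptions made for illustration.

```python
# Added example: a simplified model of POSIX ACL access evaluation.
# fred, unixgroup and george come from the message; alice is a constructed
# second member of unixgroup.
R, W, X = 4, 2, 1

def from_mode(mode):
    """Split mode bits such as 0o755 into the three base ACL entries."""
    return {"user_obj": (mode >> 6) & 7, "group_obj": (mode >> 3) & 7, "other": mode & 7}

def allowed(acl, owner, group, user, user_groups, want):
    """True if `user` is granted every bit in `want`."""
    mask = acl.get("mask", R | W | X)          # a mask only exists with extended entries
    def grants(bits):
        return (bits & want) == want
    if user == owner:                          # 1. owner entry (never masked)
        return grants(acl["user_obj"])
    if user in acl.get("users", {}):           # 2. named user entry, capped by mask
        return grants(acl["users"][user] & mask)
    matched = []                               # 3. owning group and named groups
    if group in user_groups:
        matched.append(acl["group_obj"])
    matched += [b for g, b in acl.get("groups", {}).items() if g in user_groups]
    if matched:
        return any(grants(b & mask) for b in matched)
    return grants(acl["other"])                # 4. everyone else

def scenarios():
    """Write access to testdir (fred:unixgroup) as (george, alice) per setup."""
    def can_write(acl, user, groups):
        return allowed(acl, "fred", "unixgroup", user, groups, W)
    out = {}
    # 755, george not in the group: read/enter only
    out["755"] = (can_write(from_mode(0o755), "george", set()),
                  can_write(from_mode(0o755), "alice", {"unixgroup"}))
    # 775 with george added to unixgroup: every member can write
    out["775+group"] = (can_write(from_mode(0o775), "george", {"unixgroup"}),
                        can_write(from_mode(0o775), "alice", {"unixgroup"}))
    # 755 plus `setfacl -m u:george:rwx testdir`; setfacl sets the mask to rwx here
    acl = dict(from_mode(0o755), users={"george": R | W | X}, mask=R | W | X)
    out["755+acl"] = (can_write(acl, "george", set()),
                      can_write(acl, "alice", {"unixgroup"}))
    return out

if __name__ == "__main__":
    for name, (george, alice) in scenarios().items():
        print(f"{name:10} george write={george} alice write={alice}")
```

Only the last setup gives george write access without also giving it to the rest of unixgroup.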