[Samba] Posix vs. Windows File/Directory Permissions

Andrey Repin anrdaemon at yandex.ru
Wed May 13 09:26:04 MDT 2015

Greetings, Mike!

> I want to get a better understanding of what's happening between the posix
> permissions and windows permissions.

> I start with a Samba 4 AD DC with a share:  /mnt/data

> All subfolders and files have permissions and ownership that look like:

> drwxrwxrwx. 539 root root  52K May 12 17:50

> The Samba 4 Admin and User accounts are not local users on the linux
> server; they are only AD domain accounts.

That's not quite true.

> The /mnt/data share is set read only = no.  I thought the AD DC ignores the
> posix ownership and permission settings, and they are controlled by ADUC
> settings via windows tools.

It would only be true, if Samba would have faked the control stuff.
Thankfully, it is NOT true.
Samba do a mapping between AD SIDs and local POSIX uid/gid stuff.
So, at any point, the access control is the real access control.

> But when I chmod the directory to 0770:

> drwxrwx---  539  root  root  52K May 12  17:53

> I can no longer access the share /mnt/data using AD DC Admin or User
> accounts.

> Can I get an RTFM pointer that addresses what happening in this example?
> Thanks for your help.


Though, it is hardly an RTFM, but it gives you an idea.

With best regards,
Andrey Repin
Wednesday, May 13, 2015 18:21:09

Sorry for my terrible english...

More information about the samba mailing list