[Samba] Posix vs. Windows File/Directory Permissions

Mike 1100100 at gmail.com
Fri May 15 08:20:06 MDT 2015


On Fri, May 15, 2015 at 4:37 AM, Klaus Hartnegg <hartnegg at uni-freiburg.de>
wrote:


> Not sure which email you mean. I don't think that this can happen. If the
> Linux acls are modified, the Windows ACLs are destroyed and all is based on
> the Linux permissions and acls (which looks strange when viewed from
> Window). If the Windows ACLs are modified, Samba automatically adjusts the
> Linux acls accordingly. They should always be in sync.
>

Klaus,

I think my test demonstrated what you are saying.
I changed a share's permissions from root:root rwxrwxrwx to root:root
rwxrwx---
And then the windows AD Administrator account was no longer able to access
the share.
If I made a linux user account on the server called "Administrator" and did:

setfacl -R -m -u:Administrator:rwx /mnt/data

then the Administrator would be configured using posix acl's for access to
the share.

I guess the moral of the story:

if you don't want to setup AD domain users with linux user accounts on the
server, and are serving shares only to windows clients - DON'T touch posix
permissions or acl's.  Use Microsoft ADUC and Samba4 will interpret/provide
the acl settings to the linux filesystem.

Is that close to correct?


More information about the samba mailing list