[Samba] Samba and POSIX ACLs

Klaus Hartnegg hartnegg at uni-freiburg.de
Sat Aug 13 16:09:53 UTC 2016

Am 13.08.2016 um 12:48 schrieb Reindl Harald via samba:
> that permissions/acl stuff is *a real* problem for many setups when a
> idiotic client is changing the permissions of a shared document, the
> person goes to vacation and other team members no longer have write access

Windows ACLs make it possible to differentiate: you can grant modify 
permission, but not the permission to change the permissions.

However the usefulness of this is very limited, because both in Linux 
and Windows the owner of files is always allowed to change permissions, 
regardless of what the permissions say.

Yes, this is indeed idiotic. Today there is a trend away from home 
directories to project directories, but this limitation of ACLs in Linux 
and Windows are not very well suited for such directories.

It does not need to be like this. In Novell Netware the admin really 
could decide who is allowed to change permissions. There this was the 
A-permission, access-control, and even the owners of files could only 
change permissions if the admin had granted them the A permission. They 
were usually given this in their home directory, but not in project 
directories, where many people need to have access.

More information about the samba mailing list