[Samba] NTFS ACL on database and vfs_acl_tdb

Matteo Maretto matteo.maretto at terredargine.it
Wed Mar 16 10:13:12 UTC 2016

we are migrating our fileserver from an old novell netware system to a 
samba4 system. With netware all ACL were stored in a database, so that 
it was possible to quickly find which files one user or group had access to.
I'm investigating the possibility of writing ntfs ACL on a database with 
samba. The module vfs_acl_tdb is able to do this, but values are hashed 
so that the db is not queryable.
Does anyone knows of a way to achieve this?

I've had a look at the code of the vfs_acl_tdb module and, for what I 
understood, the ACL are written both on a tdb and on the filesystem.
What's the behaviour of the module then?
When I use a software like icacls, to backup ACL, it looks like samba is 
reading from the filesystem, because it takes a long time.
But when I try to browse a directory with thousands of files, access is 
instantaneous. This makes me suppose samba is using the tdb.
Am I correct?

Thanks in advance for any help.

Si segnala che il presente messaggio non e' a carattere personale e le risposte allo stesso potranno essere conosciute dall'organizzazione lavorativa di appartenenza del mittente secondo le modalita' previste dal regolamento adottato in materia. Se per un disguido avete ricevuto questa e-mail senza esserne i destinatari vogliate cortesemente distruggerla e darne informazione all'indirizzo mittente.

More information about the samba mailing list