[Samba] Standalone with Windows ACL
rpenny at samba.org
Thu Oct 5 07:07:50 UTC 2017
On Wed, 04 Oct 2017 22:08:29 +0000
Tercio Gaudencio Filho via samba <samba at lists.samba.org> wrote:
> I'm configuring a standalone server(server role = standalone server)
> using POSIX ACLs to manage permissions on server.
> I need to manage permissions(At least basic ones, like read, write)
> from Windows GUI.
Ah, so you don't want to use POSIX ACLs, you want to use Windows ACLs
> Is that possible using standalone?
> When I try setting permissions on Windows I got this on the log:
> [2017/10/04 19:07:08.437837, 2]
> set_canon_ace_list: sys_acl_set_file type file failed for file
> AD225.TXT (Operation not permitted).
> I issued grant on server(tercio is my username):
> net rpc rights grant "tercio" SeDiskOperatorPrivilege -U "root"
> My conf:
> # Global parameters
> workgroup = SER-CAPITAL
> log file = /var/log/samba/log.%m
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> usershare path =
> map to guest = Bad User
> obey pam restrictions = Yes
> server role = standalone server
> dns proxy = No
> idmap config * : backend = tdb
> path = /srv/samba/MyShare
> read only = No
You don't say what OS you are using, but on debian, you need to install
the acl & attr packages.
You need to be using a filesystem that understands ACLs, such as ext4
You also need to add these lines to smb.conf:
security = user
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
There is also a Samba wiki page about this:
More information about the samba