[Samba] Adding Share Windows ACL

Rowland Penny rpenny at samba.org
Fri Jan 26 15:31:55 UTC 2018 

On Fri, 26 Jan 2018 14:18:53 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Fri, 26 Jan 2018 14:10:40 +0100
> Micha Ballmann <ballmann at uni-landau.de> wrote:
> 
> > To set share windows permissions and windows acl i login on a
> > windows 7 computer with the administrator user.|Open ||Computer
> > Management and connect to the fileserver. when im trying now to set
> > acl i ve no permissions.|||||||
> > 
> 
> Well, I couldn't understand why it wasn't working, so I fired up a VM
> running win7 and guess what, it doesn't work for me either, it did,
> but it doesn't now :-(
> 
> I will get back to you.
> 
> Rowland
> 

OK, I found out why it wasn't working, I was connecting to a share that
belonged to 'root:root' with 'drwxr-xr-x' permissions.

I created a new share:

[data]
     path = /home/testdata
     read only = no

mkdir /home/testdata

getfacl /home/testdata shows this:

getfacl: Removing leading '/' from absolute path names
# file: home/testdata
# owner: rowland
# group: domain\040users
user::rwx
user:root:rwx
group::---
group:root:---
group:2004:r-x
group:2005:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:2004:r-x
default:group:2005:rwx
default:mask::rwx
default:other::---

Change the ownership:

chown root:Unix\ Admins /home/testdata

Now go to the Win7 VM and add 'rowland' back as a user with 'Read &
execute, List folder contents and Read' permissions. This worked
without error and getfacl now shows:

 getfacl: Removing leading '/' from absolute path names
# file: home/testdata
# owner: root
# group: unix\040admins
user::rwx
user:root:rwx
user:rowland:r-x
group::---
group:root:---
group:2004:r-x
group:2005:rwx
group:unix\040admins:---
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:rowland:r-x
default:group::---
default:group:root:---
default:group:2004:r-x
default:group:2005:rwx
default:group:unix\040admins:---
default:mask::rwx
default:other::---

Do you have these lines in smb.conf:

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

Are the 'acl' and 'attr' packages installed.

Rowland

More information about the samba mailing list