[Samba] ACL - samba vs filesystem

Rowland Penny rpenny at samba.org
Thu Jul 19 12:10:25 UTC 2018

On Thu, 19 Jul 2018 12:50:04 +0100
lejeczek via samba <samba at lists.samba.org> wrote:

> >> Samba is 4.7.1 on Centos 7.5
> yes, shell is posix and samba is win acl, yes.
> Samba is a PDC(the only controller) in classic mode, security = user
> (no AD), with ldap user backend.
> Windows boxes are clients of only that samba domain.
> When do shell/posix I do it on Samba server locally.
> If I, well.. certainly not purposefully so not I, again: pretty
> vanilla samba config, so...  if samba ignores posix and calculates
> mask independently then where does she do it?
> inherit acls = Yes - this seems to work, ACLs are there but that 
> mast/effective is not what posix gets me, and I'd like samba to do
> what setfacl mandates.
> Also:  acl map full control = Yes - is set by default.

I haven't a clue, mainly because, even with several hints, you haven't
posted the smb.conf from the PDC (and until your latest post, I didn't
know this much).

What filesystem is running on the Centos machine ? is it ext4 or
something else that understands acls and attrs ? If so, are the 'acl' &
'attr' packages installed ?
If they are, then I would investigate the security.NTACL extended

Finally, can I leave you with these wise words:

Start planning the upgrade of your NT4-style domain to an Active
Directory one now, before it is too late.


More information about the samba mailing list