[Samba] "missing security tab" and related ACL issues

Stefan G. Weichinger lists at xunil.at
Sat Nov 10 09:40:53 UTC 2018

Am 09.11.18 um 17:13 schrieb Rowland Penny via samba:

>> I have 2 shares with "acl map full control = No"
>> is it possible that this is somehow read serially and influences
>> shares below as well? I know that behavior from other software.
> No, the parameters set on share only affect that share,and they
> override global settings.


> Can I make some suggestions ?

sure, that's why I am here

> If this isn't in [global], move it there:
>          map acl inherit = Yes
> Remove these lines where ever they occur, they are default settings:
> 	acl check permissions = Yes
> 	acl group control = No
> 	acl map full control = Yes
> 	inherit acls = No
> I would remove these, I am sure you don't really need them:
> 	force unknown acl user = Yes
> 	nt acl support = No
> 	acl map full control = No
> I would also remove this line, as you have it set, any executable can
> be run, even if it isn't set as an executable:
> 	acl allow execute always = Yes
> If you have any concerns about removing these lines, I suggest you
> read 'man smb.conf', I think you will see why I suggest removing the
> lines ;-)

I agree and will clean up asap. That server was set up and maintained by 
a former admin ... so far I tried to change only minor things to not 
break anything and keep the users happy.

But I absolutely see the need to clean up.

More information about the samba mailing list