[Samba] Permissions at the top of a Samba share

🦏 Peter Rindfuss peter.rindfuss at wzb.eu
Mon Aug 26 14:20:28 UTC 2019


I have a question regarding permissions at the top of a share as seen
from a Windows 10 client.

We are using Samba 4.10.6-Debian (van Belle) on Debian 10 (Buster) with
one AD controller and one file server.

The top directory of our main share on the file server has, on the Linux
level, these permissions reported by getfacl:
# file: ...
# owner: root
# group: domain\040users
# flags: ---

i.e. there are no rights for "other" and no default entries in the Posix
ACL (i.e. there is no Posix ACL at all, just plain Linux permissions)

getfattr -d -e hex -m - ...
shows user.DOSATTRIB="<something>", but no "security.NTACL=" and no

The Windows security editor, however, has two entries for "Everyone":
Allow Everyone None    'This folder only'
Allow Everyone Special 'Subfolders and files only', the special rights
being read permission.

I am wondering where the read permission for 'Subfolders and files only'
comes from as there is no trace of this on the Linux side.

Thanks, Peter

More information about the samba mailing list