[Samba] mixing Windows ACL and POSIX ACL shares on one server?

Matthias Leopold matthias.leopold at meduniwien.ac.at
Thu Nov 14 22:29:21 UTC 2019

Am 14.11.19 um 23:03 schrieb Jeremy Allison via samba:
> On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba wrote:
>> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote:
>>> Hi,
>>> I posted a similar question in 2018 with no answers, so I'll try
>>> again:
>>> Is it possible to have shares with Windows ACLs and shares with
>>> ACLs on the same server (security = user)? Since share permissions
>>> are
>>> handled differently for both types of shares I'm not sure if this
>>> will
>>> work. I know I could try it out myself, but the question again just
>>> came
>>> to my mind and I think there will be clear answer by someone who
>>> knows.
>> Yes, use acl_xattr to store the windows acl if you want that handled
>> faithfully.  The last ACL to be set will win.
>> If you set a POSIX ACL then any windows ACL that has been set will be
>> ignored.  If you set a windows ACL on the same file then it will be
>> translated into posix and also stored.
>> So, the idea is that it would 'just work'.
> Yep, +1 Andrew, that's the way it's meant to work (was
> designed that way). There might be some tricky corner
> cases but mostly this is the way most Samba installs
> use ACLs.

thank you. you are all focusing on ACLs, I'm rather sure they will work, 
my concern is rather management of share permissions. will 
share_info.tdb (Windows ACL share) work alongside with "valid users" 
(POSIX ACL share)?


More information about the samba mailing list