[Samba] Adding acls for Unix Users

Maik Holtkamp s-y-l at gmx.net
Wed Sep 2 16:03:19 UTC 2020


After we switched from an old NT4 PDC to a new AD DC, I am in the
process of changing the file/directory rights on our fileserver.

Some parts of the files/dirs on our fileserver are offered read-only to
the public (intranet only) by a webserver running on the same host.

However, I can't find an option to add the "Principal" www-data in my
windows tools and I was told that using chmod/own/grp is evil on a AD
controlled fileserver.

Is it safe to use:

setfacl -m u:www-data:r-x <object>

on the linux CLI or does that imply any future nightmares with Windows
acls, too?

Any other best practise to get the issue done?

Sorry, but still a little scared to break something ;).

Mit freundlichen Gruessen/Best regrads                     Maik Holtkamp
Kirchstr. 76                                D-32278 Kirchlengern/Germany
Tel: +49 5223 879202                              Mob.: +49 172 203 5491
e-mail: s-y-l at gmx.net

More information about the samba mailing list