[Samba] Adding acls for Unix Users

Rowland penny rpenny at samba.org
Wed Sep 2 16:35:31 UTC 2020

On 02/09/2020 17:03, Maik Holtkamp via samba wrote:
> Hi,
> After we switched from an old NT4 PDC to a new AD DC, I am in the
> process of changing the file/directory rights on our fileserver.
> Some parts of the files/dirs on our fileserver are offered read-only to
> the public (intranet only) by a webserver running on the same host.
> However, I can't find an option to add the "Principal" www-data in my
> windows tools and I was told that using chmod/own/grp is evil on a AD
> controlled fileserver.
I do not know who told you that, but it is wrong. If your users are 
connecting to a webpage, it will be www-data that displays the data on 
the webpage, so there is no reason why you cannot use chmod etc
> Is it safe to use:
> setfacl -m u:www-data:r-x <object>
You could do that if you wished, it will store the permissions in a 
different place from where changing the permissions on Windows does.


More information about the samba mailing list