[Samba] Adding acls for Unix Users

Martin Rushton martinsworkmachine at gmail.com
Wed Sep 2 16:58:20 UTC 2020

On 02/09/2020 17:35, Rowland penny via samba wrote:

> On 02/09/2020 17:03, Maik Holtkamp via samba wrote:
>> Hi,
>> After we switched from an old NT4 PDC to a new AD DC, I am in the
>> process of changing the file/directory rights on our fileserver.
>> Some parts of the files/dirs on our fileserver are offered read-only to
>> the public (intranet only) by a webserver running on the same host.
>> However, I can't find an option to add the "Principal" www-data in my
>> windows tools and I was told that using chmod/own/grp is evil on a AD
>> controlled fileserver.
> I do not know who told you that, but it is wrong. If your users are 
> connecting to a webpage, it will be www-data that displays the data on 
> the webpage, so there is no reason why you cannot use chmod etc
>> Is it safe to use:
>> setfacl -m u:www-data:r-x <object>
> You could do that if you wished, it will store the permissions in a 
> different place from where changing the permissions on Windows does.
> Rowland
The enclosed may be of assistance.  It's something I wrote about three or four years ago to explain thing to sysops.
Obviously, beware changing capabilities!
J Martin Rushton MBCS

More information about the samba mailing list