[Samba] Any drawback in changing primary group of domain users ?

Rowland penny rpenny at samba.org
Fri Feb 26 10:28:14 UTC 2021

On 26/02/2021 09:41, Roy Eastwood via samba wrote:
> @Rowland I think the OP's problems stem from the fact that both POSIX ACLs and Windows ACLs are in play.

On the wikipage: 

It says this:

Do not set ANY additional share parameters, such as force user or valid 
users. Adding them to the share definition can prevent you from 
configuring or using the share.

However, there isn't anything on the POSIX wikipage: 

> I have scanned the WiKi and can find no reference to adding the line:
> 	acl_xattr:ignore system acl = yes
> to either the share share definition or the global section of smb.conf when using Windows ACLs.

Using that setting only really makes sense if you are using Windows 
ACL's, because you want to use the system acl's if using setfacl. 
Whichever method you use, Windows or POSIX ACL's, you should not mix 
them. Either set the permissions from Windows or on the Samba server 
using setfacl.


> Is it worth making this clear by adding it to the https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> page?
> Roy

More information about the samba mailing list