[Samba] POSIX vs. Windows ACLs

Patrick Goetz pgoetz at math.utexas.edu
Tue Nov 2 09:49:01 UTC 2021

Another question referring to a Samba domain member file server.

The file system is ext4 on an Ubuntu 20.04.

I would like to use Windows ACLs so my windows users can change 
permissions on directories/files, but we also use linux data processing 
systems, so the permissions (beyond POSIX basic) need to work there, too.

I think this means I'm stuck using POSIX extended ACLs, with Windows 
users not being able to change permissions. Just want to make sure I 
understand all the possibilities:

Currently the linux systems access files through NFS mounts, so no hope 
of Windows ACLs working there, but if I were to bind the linux machines 
to the domain and do the mounts through SMB, would the linux systems 
respect the Windows ACL authorizations because permission is determined 
by the Samba file server? Understood that I would lose the ability to 
edit ACLs from linux, but the linux users are really Windows users 
working on a linux system because that's where the software is and they 
have no idea how to edit permissions there anyway.

Beyond this, if I'm working directly on the Samba file server, are there 
command line tools available for editing Windows ACLs, or is this 
sufficiently complicated that only a GUI will do?

The conjunction of linux and windows access control is a terrible mess, 
as already discussed, but the world doesn't stop moving as a result, so 
we will continue to cobble together bastardized arrangements that mostly 
work.  I'm at the Build a Frankenstein shop now...

More information about the samba mailing list