[Samba] Read Only files, Extended Attributes and Microsoft Office Documents

Paul Littlefield info at paully.co.uk
Thu Nov 11 14:55:22 UTC 2021

On 11/11/2021 12:49, Rowland Penny via samba wrote:
> Samba 4.3.11 is dead as far as Samba is concerned, I suggest you upgrade, if you do have a problem, you have no chance of getting it fixed in that version and it may have been fixed in a later version.


However, I am still left with the fact that this issue was not a problem for Samba 4.3.x on this server for years.

> That '+' shows that extended ACL's exist, you can see these with 'getfacl'.

Thanks, here is the output of 'getfacl' on the test folder...

# file: /home/samba/shared/Penguin/
# owner: jbloggs
# group: users

# file: /home/samba/shared/Penguin/Hello hello hello.doc
# owner: jsmith
# group: users

# file: /home/samba/shared/Penguin/Test 2.txt
# owner: jbloggs
# group: users

I notice that the TXT file does not have any extended ACL information and yet was created from a Windows desktop, just like the Word document.

I also notice that the DOC file has group permissions of read only.

So, that answers _that_ one.

How do I stop ACL?!

> Are they members of a domain ? If so, why are you running Samba as a standalone server ?

No. That's all that is needed for this company.

They have Windows 10 Professional instead of Home for various reasons but have had this since day 1.

The ONLY thing I can think of is that they have changed their version of Microsoft Office to 365 (or whatever they call it nowadays :) recently and that's what's adding the ACL?

I am clutching at straws here and would appreciate any suggestions!




Paul Littlefield

Telephone: 07801 125705
Email: info at paully.co.uk
Wiki: http://wiki.indie-it.com/wiki/Special:AllPages
LinkedIn: https://www.linkedin.com/in/paullittlefield

Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email.

Linux Mint 20.2 (x86_64)

Tmesis is a linguistic phenomenon in which a word or phrase is separated into two parts, with other words interrupting between them... well, abso-blooming-lutely.

More information about the samba mailing list