[Samba] POSIX vs. Windows ACLs

Stefan Kania stefan at kania-online.de
Tue Nov 16 14:50:32 UTC 2021


why don't you use pam-mount for the Linux-clients? If they are in the
domain it works fine, and you won't have problems with the permission

Am 02.11.21 um 10:49 schrieb Patrick Goetz via samba:
> 
> Another question referring to a Samba domain member file server.
> 
> The file system is ext4 on an Ubuntu 20.04.
> 
> I would like to use Windows ACLs so my windows users can change
> permissions on directories/files, but we also use linux data processing
> systems, so the permissions (beyond POSIX basic) need to work there, too.
> 
> I think this means I'm stuck using POSIX extended ACLs, with Windows
> users not being able to change permissions. Just want to make sure I
> understand all the possibilities:
> 
> Currently the linux systems access files through NFS mounts, so no hope
> of Windows ACLs working there, but if I were to bind the linux machines
> to the domain and do the mounts through SMB, would the linux systems
> respect the Windows ACL authorizations because permission is determined
> by the Samba file server? Understood that I would lose the ability to
> edit ACLs from linux, but the linux users are really Windows users
> working on a linux system because that's where the software is and they
> have no idea how to edit permissions there anyway.
> 
> Beyond this, if I'm working directly on the Samba file server, are there
> command line tools available for editing Windows ACLs, or is this
> sufficiently complicated that only a GUI will do?
> 
> The conjunction of linux and windows access control is a terrible mess,
> as already discussed, but the world doesn't stop moving as a result, so
> we will continue to cobble together bastardized arrangements that mostly
> work.  I'm at the Build a Frankenstein shop now...
> 
> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html




More information about the samba mailing list