[Samba] acl_xattr

Rowland Penny rpenny at samba.org
Fri Dec 16 13:18:51 UTC 2022

On 16/12/2022 13:01, Piviul via samba wrote:
> I need to share a folder in a way that some groups members have write 
> permissions to the share and some other groups members can only read 
> files on the share, the others members can't access at all.
> I don't care about acl, all files/directory in the share should have the 
> same access.  Do you think that disabling acls in a such way
> vfs objects = acl_xattr
> acl_xattr:ignore system acls = yes
> valid users = <read groups list>,<write group list>
> read list   = <read groups list>
> write list  = <write group list>
> force group = staff
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 2775
> would be a good idea

Well, NO

You only need the 'vfs objects' line in '[global]' and the path and 
'read only = no' in the share, you then set the permissions from Windows.

if you do add 'acl_xattr:ignore system acls = yes' , it does what it 
says, Samba will ignore the system acls.

I suggest you read 'man vfs_acl_xattr' and this wiki page:


If you want to set up Samba as you suggest, only do it on a Unix domain 
member and do not set 'vfs objects = acl_xattr'.


More information about the samba mailing list