[Samba] SMB Windows ACL functionality
Rowland Penny
rpenny at samba.org
Tue Jul 12 07:35:46 UTC 2022
On Mon, 2022-07-11 at 22:58 -0300, Bailey Allison via samba wrote:
> Good evening,
>
>
>
> I am currently trying to setup an SMB share using Windows ACLs for
> permissions per the article:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
>
>
> However I am running into a bit of confusion when it comes to
> actually
> setting the share permissions on the root of the share.
>
>
>
> Per the guide I have the following options set within samba:
>
>
>
> map acl inherit = Yes
>
> vfs objects = acl_xattr
>
> acl_xattr:ignore system acls = yes
The last line was added to the wiki (by myself) after being recommended
by a user. I do not use that line and, sorry to say', I didn't test it.
>
>
>
> In addition, I have granted the "DOMAIN\Domain Admins" group the
> SeDiskOperatorPrivilege.
>
>
>
> In addition, I have changed the permissions on the shared directory
> to:
>
>
>
> chmod 0770 /mnt/smb
>
> chown root:"DOMAIN\Domain Admins" /mnt/smb
The problem is that you have 'acl_xattr:ignore system acls = yes' and
it does exactly what it says, it makes Samba ignore the system (Linux)
acls, or to put it another way: the '0770' and 'root:Domain\ Admins'.
I will update the wiki.
Rowland
More information about the samba
mailing list