[Samba] Remove all Windows ACL's from files/folders

Patrick Goetz pgoetz at math.utexas.edu
Fri Mar 25 22:37:26 UTC 2022

On 3/25/22 17:35, Jeremy Allison wrote:
> On Fri, Mar 25, 2022 at 05:27:55PM -0500, Patrick Goetz via samba wrote:
>> On 3/24/22 12:10, Jeremy Allison via samba wrote:
>>> On Thu, Mar 24, 2022 at 10:07:16AM -0700, Greg Sloop <gregs--- via 
>>> samba wrote:
>>>> What's the proper way to REMOVE all the ACL's assigned by Windows to a
>>>> Samba share/folders/files?
>>>> The short story is I was having problems assigning ACL's via the 
>>>> Windows
>>>> security dialog. I managed to fix that, but now users that I assign 
>>>> rights
>>>> to a file/folder simply don't have those rights, and I can't figure 
>>>> out why.
>>>> I want to make absolutely sure that all the previous ACL's are gone 
>>>> so I'm
>>>> sure I'm working with a clean setup. If I still have issues, then at 
>>>> least
>>>> I'm starting from a clean base, so working through the troubleshooting
>>>> steps might be easier.
>>> If you are storing Windows ACLs into EA's then recursively
>>> remove system.NTACL from all files/directories. You'll
>>> need to be root.
>> Sorry, this lost me completely.  What is system.NTACL?
> system.NTACL is the extended attribute smbd uses to
> store the Windows ACL in ndr format.

I figured this much, but am unsure about the syntax for doing this -- 
could you provide an example, please?

More information about the samba mailing list