[Samba] Remove all Windows ACL's from files/folders

Jeremy Allison jra at samba.org
Fri Mar 25 22:39:43 UTC 2022

On Fri, Mar 25, 2022 at 05:37:26PM -0500, Patrick Goetz via samba wrote:
>On 3/25/22 17:35, Jeremy Allison wrote:
>>On Fri, Mar 25, 2022 at 05:27:55PM -0500, Patrick Goetz via samba wrote:
>>>On 3/24/22 12:10, Jeremy Allison via samba wrote:
>>>>On Thu, Mar 24, 2022 at 10:07:16AM -0700, Greg Sloop <gregs--- 
>>>>via samba wrote:
>>>>>What's the proper way to REMOVE all the ACL's assigned by Windows to a
>>>>>Samba share/folders/files?
>>>>>The short story is I was having problems assigning ACL's via 
>>>>>the Windows
>>>>>security dialog. I managed to fix that, but now users that I 
>>>>>assign rights
>>>>>to a file/folder simply don't have those rights, and I can't 
>>>>>figure out why.
>>>>>I want to make absolutely sure that all the previous ACL's are 
>>>>>gone so I'm
>>>>>sure I'm working with a clean setup. If I still have issues, 
>>>>>then at least
>>>>>I'm starting from a clean base, so working through the troubleshooting
>>>>>steps might be easier.
>>>>If you are storing Windows ACLs into EA's then recursively
>>>>remove system.NTACL from all files/directories. You'll
>>>>need to be root.
>>>Sorry, this lost me completely.  What is system.NTACL?
>>system.NTACL is the extended attribute smbd uses to
>>store the Windows ACL in ndr format.
>I figured this much, but am unsure about the syntax for doing this -- 
>could you provide an example, please?

The syntax for doing what ? smbd stores these values internally.
I think samba-tool can show them.

More information about the samba mailing list