[Samba] Windows ACLs
Rowland Penny
rpenny at samba.org
Mon Oct 3 15:14:53 UTC 2022
On 03/10/2022 15:38, Peter Carlson via samba wrote:
> I am trying to set up a samba file server with the following 2
> characteristics:
> 1) use RSAT tools to set ACLs
No you are not ;-)
> 2) new folders / files need to have group write permissions
> ie: UserData = Domain Users
> ie: AdminData = Domain Admins
> ie: Accounting = Accounting
>
> I think I'm about 90% of the way there after reading and following this
> guide:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
I think you are about 90% away from setting up the permissions
Try this smb.conf:
[global]
security = ads
idmap config SDCP : range = 2000000-2999999
idmap config SDCP : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind refresh tickets = yes
winbind offline logon = yes
vfs objects = acl_xattr
map acl inherit = yes
[Test]
path = /data/test
comment = test
read only = no
acl_xattr:ignore system acls = yes
The last line in the share is interesting, it means what it it says,
ignore the system (Linux) acls, you can set these to what you like and
Samba WILL ignore them.
I suggest you read the wiki page again and follow it to the letter. you
may also need to install the 'acl' and 'attr' packages.
You should also be aware that synology uses its own version of Samba, so
something of theirs could be getting in the way, this is just a possibility.
More information about the samba
mailing list