[Samba] Windows ACLs
peter at howudodat.com
Mon Oct 3 19:17:10 UTC 2022
On 10/3/22 11:11, Rowland Penny via samba wrote:
> Remember what I said about 'acl_xattr:ignore system acls = yes', well
> I think this could be the problem, a bit of a chicken and egg problem.
> Until you set the permissions from Windows, it is likely that there
> are no Windows permissions and because you have set the above line,
> you cannot get permission to set them. So try removing the
> 'acl_xattr:ignore system acls = yes' line and try again.
This did the trick to get permissions set on the share. It is set for
Domain Admins and Domain Users as Full Control. I can now connect to
the server as a domain admin and domain user and create a folder and
text file in each folder. So that's awesome. Couple of things I noted
which are still outstanding:
1. new folders are created with Read only set, whether created by
member of domain admin or domain user. I would normally use directory
mask and create mask to control this, but since this is all now
controlled with windows ACLs, I'm not sure how to set a default mask (or
the default group for that matter, peter is a member of Linux Admins,
Domain Admins and Domain Users)
2. after removing read only and setting Domain Users to Full Control
a) peter (domain admin) creates a text file and writes to it.
office (domain user) can open that file and write to it. Perfect!
b) peter (domain admin) has read access to the folder and file
created by the domain user. but I should have full access, in fact when
evaluating access in windows, it says full access (
More information about the samba