[Samba] Windows ACLs

Bailey Allison ballison at 45drives.com
Thu Sep 22 23:01:09 UTC 2022

Hey Chris,

When mapping the share in Windows and checking the properties of the share,
does your Domain Admins account appear within the permissions list? If so,
does it list it as being Full Control or Read and Execute?

If it lists it as Read/Execute, this is most likely why you are getting
permission denied. There are 2 things you can try to do to remedy.

First, if you remove the line acl_xattr:ignore system acls = true from your
samba share configuration, restart samba then check the permissions you
should then see the Domain Admins group has full control rather than read
and execute.

Otherwise, if you're to make the owner user on a linux a domain user who is
part of domain admins (ex. chown domain\user:domain\domain admins share),
you should then be able to connect to the share with that user, then grant
the Domain Admins group full control, and from there modify permissions on
the share further.



More information about the samba mailing list