[Samba] SaMBa 4.16.4 adds users to ACLs as groups

Tamás Németh nt1277 at gmail.com
Thu Jun 15 15:18:28 UTC 2023

Thank you for the answer.

 I understand that default (POSIX) ACLs will lead to similar results, but
the parent directory of this file had no default ACL, and when opening its
properties / security dialog I also don't see any inheritance specified.
However I can accept that SaMBa works this way and I can even see that Word
did some deliberate ACL manipulation, but this "piling up" of ACL
information doesn't happen either on a native Windows file server or with
vfs_acl_xattr. And at least partially this may be the reason why using
POSIX ACLs with SaMBa is deprecated :-(

Best regards,


Christian Naumer <christian.naumer at greyfish.net> ezt írta (időpont: 2023.
jún. 15., Cs, 8:42):

> Am Mittwoch, dem 14.06.2023 um 18:48 +0200 schrieb Tamás Németh via samba:
> > # file: newfile.docx                      #This file has a (probably
> > unnecessary) POSIX ACL
> > # owner: user_1
> > # group: domain\040users
> > user::rw-
> > user:user_1:rw-                            #I'm already the owning user
> > having the same permissions. Why am I also explicitly added to the POSIX
> > ACL?
> > group::rw-
> > group:domain\040users:rw--        #It's already the owning group having
> the
> > same permissions. Why is it also explicitly added to the POSIX ACL?
> > mask::rwx #Shouldn't it only be rw?
> > other::---
> This has nothing to to with Samba if ACLs are enabled and the directory
> has some default ACLs
> this also happens if you create the file on the server via ssh or on the
> cli. At least this is
> the case for me.
> Regards
> Christian

More information about the samba mailing list