Anyone know how to add ACL support to SAMBA?

Gavin McCullagh gmccullagh at
Thu Feb 28 10:00:25 GMT 2008


On Wed, 27 Feb 2008, john wrote:

> I use samba to allow windows clients to access shares on our linux
> file server. I'd like to enable support for ACLS so that I can use
> windows permissions under linux.
> Does anyone know how I can accomplish this. Do I need to recompile
> SAMBA to support acls or is it a simple addition to smb.conf?

I'm afraid it's not that simple at all at least as I understand it.  There
are two issues, one is ACLs (the ability to create lots of different
permissions for lots of different users/groups), the other is windows
permissions themselves.

If you need ACLs on linux you can install the acl package², turn them on at
the filesystem mounting and use them.  Some details are here:
If you look at "man smb.conf" you can search for ACL and see the various

Permissions must be represented in the filesystem and unix filesystems have
support for read, write, execute and the setuid/sticky bits.  What samba
does is a lossy translation of unix<->windows permissions as best it can.
Windows permissions are substantially more granular than unix ones.¹ For
example, there is no such thing as delete permission in unix, so (as far as
I recall) a user given delete permissions on windows is given write
permission on the underlying unix filesystem.  You can try this out by
setting a permission in windows, then close the window and go back in to
see what permission really got stored.  


¹ Some may argue that the extra granularity isn't particularly useful but
  that's a different and somewhat subjective question.
gavinmc at ceartgoleor:~$ apt-cache show acl 
Package: acl
Priority: optional
Section: universe/utils
Installed-Size: 220
Maintainer: Ubuntu Core Developers <ubuntu-devel at>
Original-Maintainer: Nathan Scott <nathans at>
Architecture: i386
Version: 2.2.42-1ubuntu1
Depends: libacl1 (>= 2.2.11-1), libattr1 (>= 2.4.4-1), libc6 (>=
Filename: pool/universe/a/acl/acl_2.2.42-1ubuntu1_i386.deb
Size: 44562
MD5sum: 6c2656880e828969b17123da433cfc04
SHA1: 603371f286fce083a6a996897676371e3b5188f4
SHA256: 72cf56fa97ab661c8254b6d69bbd8cc0ff0a80bf1cf05e7c412fa950228984b2
Description: Access control list utilities
 This package contains the getfacl and setfacl utilities needed for
 manipulating access control lists.
Bugs: mailto:ubuntu-users at
Origin: Ubuntu

gavinmc at ceartgoleor:~$ getfacl .xsession-errors 
# file: .xsession-errors
# owner: gavinmc
# group: gavinmc

More information about the edubuntu-users mailing list