Anyone know how to add ACL support to SAMBA?

john lists.john at gmail.com
Fri Feb 29 16:23:45 GMT 2008 

Thanks Gavin,

I'll experiment with this. I appreciate your advice.

John

On Thu, Feb 28, 2008 at 2:00 AM, Gavin McCullagh <gmccullagh at gmail.com> wrote:
> Hi,
>
>
>
>  On Wed, 27 Feb 2008, john wrote:
>
>  > I use samba to allow windows clients to access shares on our linux
>  > file server. I'd like to enable support for ACLS so that I can use
>  > windows permissions under linux.
>  >
>  > Does anyone know how I can accomplish this. Do I need to recompile
>  > SAMBA to support acls or is it a simple addition to smb.conf?
>
>  I'm afraid it's not that simple at all at least as I understand it.  There
>  are two issues, one is ACLs (the ability to create lots of different
>  permissions for lots of different users/groups), the other is windows
>  permissions themselves.
>
>  If you need ACLs on linux you can install the acl package², turn them on at
>  the filesystem mounting and use them.  Some details are here:
>         http://www.vanemery.com/Linux/ACL/linux-acl.html
>  If you look at "man smb.conf" you can search for ACL and see the various
>  options.
>
>  Permissions must be represented in the filesystem and unix filesystems have
>  support for read, write, execute and the setuid/sticky bits.  What samba
>  does is a lossy translation of unix<->windows permissions as best it can.
>  Windows permissions are substantially more granular than unix ones.¹ For
>  example, there is no such thing as delete permission in unix, so (as far as
>  I recall) a user given delete permissions on windows is given write
>  permission on the underlying unix filesystem.  You can try this out by
>  setting a permission in windows, then close the window and go back in to
>  see what permission really got stored.
>
>  Gavin
>
>  ¹ Some may argue that the extra granularity isn't particularly useful but
>   that's a different and somewhat subjective question.
>  ²
>  gavinmc at ceartgoleor:~$ apt-cache show acl
>  Package: acl
>  Priority: optional
>  Section: universe/utils
>  Installed-Size: 220
>  Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
>  Original-Maintainer: Nathan Scott <nathans at debian.org>
>  Architecture: i386
>  Version: 2.2.42-1ubuntu1
>  Depends: libacl1 (>= 2.2.11-1), libattr1 (>= 2.4.4-1), libc6 (>=
>  2.5-0ubuntu1)
>  Filename: pool/universe/a/acl/acl_2.2.42-1ubuntu1_i386.deb
>  Size: 44562
>  MD5sum: 6c2656880e828969b17123da433cfc04
>  SHA1: 603371f286fce083a6a996897676371e3b5188f4
>  SHA256: 72cf56fa97ab661c8254b6d69bbd8cc0ff0a80bf1cf05e7c412fa950228984b2
>  Description: Access control list utilities
>   This package contains the getfacl and setfacl utilities needed for
>   manipulating access control lists.
>  Bugs: mailto:ubuntu-users at lists.ubuntu.com
>  Origin: Ubuntu
>
>  gavinmc at ceartgoleor:~$ getfacl .xsession-errors
>  # file: .xsession-errors
>  # owner: gavinmc
>  # group: gavinmc
>  user::rw-
>  group::r--
>  other::r--
>
>
>
>  --
>  edubuntu-users mailing list
>  edubuntu-users at lists.ubuntu.com
>  Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>

More information about the edubuntu-users mailing list