. .

File sharing supporting NT ACL as most possible

Written by at April 15, 2012

The file access control in NT is much more complex than UNIX. In general, UNIX only support the ACL in read/write/execute for User/Group/Other of a file or directory. While NT could be far more complex than that, e.g. granting read permission for group1 and all access for group2.

Since Samba is running on Linux, there is no way for Samba to support this kind of ACL unless the underlying OS could support it.

Nowadays, you could use POSIX ACL in UNIX to meet the requirement and make it as close as the ACL support in NT.

Supporting NT ACL

  • mount the filesystem with acl & user_xattr
  • Export a share in Samba in the mount point, e.g., 
    [grp1Share]
comment = Group 1
path = /mnt/sambaShare/grp1Share
read only = no
guest ok = yes
browseable = yes
admin users=samba1,administrator,root
valid users=@"Domain Users",administrator,root
  • The admin users could set the ACL of the share by using File Explorer in Windows machine
  • Or, you could use smbcacls to set the persmission
  • you could use getfacl to list out the actual permission mapped from NT to Linux