Tuesday, October 11, 2011

NT ACL on Samba

  • Enable ACL support in the file system by remounting it with acl option. ACL must be enabled in a file system before Samba can use it.
    mount -o remount,acl /home
  • Enable acl support during boot time with the following in the /etc/fstab
    LABEL=/home /home ext4 noatime,acl 1 2
  • Enable acl support in Samba on a per share basis with the following in /etc/samba/smb.conf (typically already enabled by default)
    nt acl support = yes
    acl map full control = yes
  • Set the setgid bit for the directory
    chmod g+s /home
  • Have the following in /etc/samba/smb.conf
    inherit acls = Yes
    delete readonly = Yes
  • Check the ACL of current directory
    getfacl .
  • Set a default group (manager) ACL for files created in /home
    setfacl -m d:g::---,d:g:manager:r-x /home
  • Copy the ACL from a template folder to /home
    getfacl /template | setfacl -M - /home
    There's a warning of "getfacl: Removing leading '/' from absolute path names" from the above command, which can be safely ignored.


No comments: