Is there a way to set the Windows ACLs from files and folders of an Samba Share directly through Linux itself?
I know there is the option setfacl/getfacl but they can only change between: – DENY | READ-ONLY | FULL-Control – if I got this right.
But I need for a Windows Security Group modify rights. And that recursively to all following directories. If I would change this from windows directly through an SMB connection this would take hours and days because of the mass of files. Is there a way to do this or is it still not possible? I know the information is stored anywhere in the share cause I can copy files in Linux to the share folder and they get automatically the previously chosen modify rights.
To avoid the change of settings through SMB, I out copy the files from the share. Delete all files in the share and change the permissions from windows on the share.
Actually this is how I proceeding so far:
In Linux:
1. I copy files and folders from the share folder to a separate location.
2. I delete all stuff in the share folder.
In Windows:
3. Then accessing the empty share folder through SMB.
4. From here I can change recursively the permissions for access groups to apply "modify" permissions.
Back in Linux:
5. Now I can copy the files and folders back into the share folder to set the permissions.
-> The files got through the copy process the new permissions.
Best Answer
If you're running Samba 4, the commands samba-tool ntacl could certainly do it.
Unfortunately it's quite hard to find detailed doc on how to use this command to set ACLs:
I would suggest you this procedure:
Detail:
will get ACLs infos in SDDL format. More on SDDL here
will apply specified ACL on the file/folder
The solution is not perfect tough it could help you.
About samba-tool commands: https://www.samba.org/samba/docs/man/manpages-3/samba-tool.8.html
A related issue on Samba mail lists: https://lists.samba.org/archive/samba-technical/2011-October/079820.html