Modifying File or Directory Permissions
Modifying file and directory permissions is as simple as changing the displayed permissions in the dialog box
and clicking on OK. However, there are limitations that a user needs to be aware of,
and also interactions with the standard Samba permission masks and mapping of DOS attributes that also need to
be taken into account.
If the parameter
nt acl support is set to
false, any attempt to
set security permissions will fail with an "Access Denied" message.
The first thing to note is that the Add button will not return a list of users in Samba
(it will give an error message saying "The remote procedure call failed and did not
execute"). This means that you can only manipulate the current user/group/world permissions listed
in the dialog box. This actually works quite well because these are the only permissions that UNIX actually
If a permission triplet (either user, group, or world) is removed from the list of permissions in the NT
dialog box, then when the OK button is pressed, it will be applied as
on the UNIX side. If you view the permissions again, the
entry will appear as the NT
flag, as described above. This allows
you to add permissions back to a file or directory once you have removed them from a triplet component.
Because UNIX supports only the “r”, “w”, and “x” bits of an NT ACL, if
other NT security attributes such as
Delete Access are selected, they will be ignored
when applied on the Samba server.
When setting permissions on a directory, the second set of permissions (in the second set of parentheses) is
by default applied to all files within that directory. If this is not what you want, you must uncheck the
Replace permissions on existing files checkbox in the NT dialog before clicking on
If you wish to remove all permissions from a user/group/world component, you may either highlight the
component and click on the Remove button or set the component to only have the special
Take Ownership permission (displayed as