On 16/12/2022 13:01, Piviul via samba wrote:> I need to share a folder in a way that some groups members have write
> permissions to the share and some other groups members can only read
> files on the share, the others members can't access at all.
>
> I don't care about acl, all files/directory in the share should have
the
> same access.? Do you think that disabling acls in a such way
>
> vfs objects = acl_xattr
> acl_xattr:ignore system acls = yes
> valid users = <read groups list>,<write group list>
> read list?? = <read groups list>
> write list? = <write group list>
> force group = staff
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 2775
>
> would be a good idea
Well, NO
You only need the 'vfs objects' line in '[global]' and the path
and
'read only = no' in the share, you then set the permissions from
Windows.
if you do add 'acl_xattr:ignore system acls = yes' , it does what it
says, Samba will ignore the system acls.
I suggest you read 'man vfs_acl_xattr' and this wiki page:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
If you want to set up Samba as you suggest, only do it on a Unix domain
member and do not set 'vfs objects = acl_xattr'.
Rowland