Hi, I have set up samba with ACL Support. I have set up Groups and users: #net groupmap list Domain Admins (S-1-5-21-3027381482-3940328739-3509331320-512) -> ntadmin Domain Guests (S-1-5-21-3027381482-3940328739-3509331320-514) -> nobody Domain Users (S-1-5-21-3027381482-3940328739-3509331320-513) -> users #pdbedit -L -v sambasven Unix username: sambasven NT username: Account Flags: [U ] User SID: S-1-5-21-3027381482-3940328739-3509331320-3004 Primary Group SID: S-1-5-21-3027381482-3940328739-3509331320-513 Full Name: Home Directory: \\asw-server\sambasven HomeDir Drive: K: Logon Script: logon.bat Profile Path: \\asw-server\profiles\.msprofile Domain: ASW.LOCAL Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Di, 19 Jan 2038 04:14:07 CET Kickoff time: Di, 19 Jan 2038 04:14:07 CET Password last set: Do, 03 Jan 2008 10:58:29 CET Password can change: Do, 03 Jan 2008 10:58:29 CET Password must change: Di, 19 Jan 2038 04:14:07 CET Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF # pdbedit -L -v nicos Unix username: nicos NT username: Account Flags: [U ] User SID: S-1-5-21-3027381482-3940328739-3509331320-3000 Primary Group SID: S-1-5-21-3027381482-3940328739-3509331320-513 Full Name: nicos,,, Home Directory: \\asw-server\nicos HomeDir Drive: K: Logon Script: logon.bat Profile Path: \\asw-server\profiles\.msprofile Domain: ASTERISK Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Di, 19 Jan 2038 04:14:07 CET Kickoff time: Di, 19 Jan 2038 04:14:07 CET Password last set: Do, 03 Jan 2008 10:16:01 CET Password can change: Do, 03 Jan 2008 10:16:01 CET Password must change: Di, 19 Jan 2038 04:14:07 CET Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF asterisk:~# I have setup a samba share: [daten] comment = Dateiverzeichnis path = /mnt/sdc1/daten readonly=no create mask = 0770 directory mask = 0770 Now user nicos is greating a file on the share. The acl looks like expected: # file: mnt/sdc1/daten/nicos.txt # owner: nicos # group: users user::rwx group::rw- other::--- Now I do not want user "sambasven" to delete the file, so I change the acl to: # file: mnt/sdc1/daten/nicos.txt # owner: nicos # group: users user::rwx group::--- other::--- No User "sambasven" can open the file but cannot save the file. But the problem is he can delete the file. Has anybody a id?e? I am thanksfull for any help. Sven