Hello all!

I'm setting up a new Linux Mint box to be used as a replacement for an ancient Novell server and I am trying to duplicate the folder tree with the same permissions as our Novell box.

We have one main shared folder named "Apps" and all users can read and write in all subfolders except a few reserved for admins or managers.

I have one subfolder of "Apps" named "Managers". I created a group named "managers" and added users that should have full access to the Managers folder.

Here are my permissions and acl entries for the Managers subfolder:

drwxrws---+ root managers Managers

getfacl Apps/Managers
# file: Apps/Managers
# owner: root
# group: managers
# flags: -s-
user::rwx
group::rwx
group:managers:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:managers:rwx
default:mask::rwx
defaultther::---

There is a user named "angela" with a primary group of "users" and secondary group "managers".
When I log in locally as angela the permissions are applied properly and I can access the Managers folder and create files. When logged in from a Windows workstation as angela with a mapped drive to the "Apps" folder I get an "Access is denied" error when I try to open the Managers folder. I can read and write to all other subfolders in Apps as expected.

I feel like I am missing something simple but after searching for hours I cannot figure out what.

After many restarts and head scratching I decided to try deleting the managers group from Samba, remove all acl's from the Managers folder and start over. I forgot to mention in my original post that I am using Webmin to administer users and Samba shares.

Anyway after recreating the managers group in Samba, clearing all ACL's and re-applying them I can now access the Managers folder from a Windows workstation when logged in as someone in the managers group. I did not have to delete the local managers group from Linux only the managers group in Samba. I think the issue may have been an incorrect gid for the managers group in Samba and recreating the group in Samba relinked it to the correct local group.

Just in case another newbie stumbles upon this thread I thought I should come back and correct my last post. The issue returned and I finally found the real cause and solution. When creating linux groups to be used for assigning access to specific folders through ACL's I was letting the system generate the GID (Group ID's)for me. I found that GID's were being assigned the same number as existing UID's (User ID's). By recreating the affected groups but manually assigning the GID's starting with a number over 1000 all Samba ACL's are now being properly applied when users access the shared folders from Windows workstations.