I have to manage some projects and work groups on a openSUSE Samba server. The project members are changing from project to project. Minimal permissions are required, because of the "need to know" principle, established during an external auditing process. I often have the task to setup permissions like this for a project folder. * a group A with write access * an additional user B with write access * a user C with read access * new files and directories should get the same permissions as existing files/directories * sub-directories sometimes have more, less or other permissions * optional, but may be required in future: reporting of all permissions (for the auditing) It is clear, that I need ACLs on the Samba server to fulfill the requirements. On average I have to change permissions of around one project folder (with many sub-folders and files) a day. In most situations the project folders are in use. The Samba server and my desktop PC run on openSUSE. The project members run Windows 10, but do know nothing about Windows/Samba ACLs. Which tool is best suited for the task to setup (and optional report) Samba/Windows ACLs? I already tested some tools and methods: 1. chown, chgrp and chmod only possible directly on the server; not capable of ACLs another than Unix standard (owner, group and others) 2. chown, chgrp, chmod, setfacl and getfacl (my current method) works, but takes some time on usage; difficult; only possible directly on the server; can be scripted, if the tasks are comparable; not very fail-safe (of course because of usage errors) 3. smbcacls works, but is slow; difficult; needs a login for each execution; no recursion 4. Windows file properties dialog, security tab works, but I have to start a Windows VM extra for this task; no reporting 5. Cacls (Windows) works, but I have to start a Windows VM extra for this task; difficult 6. Winacl (FreeNAS) Only for Samba servers on FreeNAS; only possible directly on the server 7. Local administration (mounted CIFS share) with "multiuser" mount option even with the "multiuser" mount option owners, groups, permissions and ACLs of the original files/directories on the server are hidden on the client Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org