Modifying file and directory permissions is as simple as changing the displayed permissions in the dialog box and clicking on OK. However, there are limitations that a user needs to be aware of, and also interactions with the standard Samba permission masks and mapping of DOS attributes that also need to be taken into account.

If the parameter nt acl support is set to false, any attempt to set security permissions will fail with an "Access Denied" message.

The first thing to note is that the Add button will not return a list of users in Samba (it will give an error message saying "The remote procedure call failed and did not execute"). This means that you can only manipulate the current user/group/world permissions listed in the dialog box. This actually works quite well because these are the only permissions that UNIX actually has.

If a permission triplet (either user, group, or world) is removed from the list of permissions in the NT dialog box, then when the OK button is pressed, it will be applied as no permissions on the UNIX side. If you view the permissions again, the no permissions entry will appear as the NT O flag, as described above. This allows you to add permissions back to a file or directory once you have removed them from a triplet component.

Because UNIX supports only the “r”, “w”, and “x” bits of an NT ACL, if other NT security attributes such as Delete Access are selected, they will be ignored when applied on the Samba server.

When setting permissions on a directory, the second set of permissions (in the second set of parentheses) is by default applied to all files within that directory. If this is not what you want, you must uncheck the Replace permissions on existing files checkbox in the NT dialog before clicking on OK.

If you wish to remove all permissions from a user/group/world component, you may either highlight the component and click on the Remove button or set the component to only have the special Take Ownership permission (displayed as O ) highlighted.