[Samba] SaMBa 4.16.4 adds users to ACLs as groups
Rowland Penny
rpenny at samba.org
Thu Jun 15 16:01:18 UTC 2023
On 15/06/2023 16:18, Tamás Németh via samba wrote:
> Thank you for the answer.
>
> I understand that default (POSIX) ACLs will lead to similar results, but
> the parent directory of this file had no default ACL, and when opening its
> properties / security dialog I also don't see any inheritance specified.
> However I can accept that SaMBa works this way and I can even see that Word
> did some deliberate ACL manipulation, but this "piling up" of ACL
> information doesn't happen either on a native Windows file server or with
> vfs_acl_xattr. And at least partially this may be the reason why using
> POSIX ACLs with SaMBa is deprecated :-(
>
> Best regards,
>
> Tamás
>
I think we need to identify just what you are calling 'default (POSIX)
ACLs' actually are.
Samba uses 3 permission 'levels'
The standard Unix 'ugo' permissions
The permissions that getfacl will show, known by some as NT4-ACLs, by
others as Posix ACLs (which never made it out of the draft stage)
Windows ACLs, stored in an EA
There are NFSv4 ACLs, but these are really only used on 'BSD' filesystems.
If you create a file on Linux, you will get a file permission string
like this from 'ls': -rw-r--r--
getfacl would show the permissions like this:
# file: $file_NAME
# owner: adminuser
# group: adminuser
user::rw-
group::r--
other::r--
Now you can, with 'setfacl' add default permissions, are these what you
are referring to as 'Posix ACLs' ?
Rowland
More information about the samba
mailing list