[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
Ralph Boehme
slow at samba.org
Tue Jan 30 15:51:16 UTC 2024
On 1/30/24 16:27, Rowland Penny via samba wrote:
> On Tue, 30 Jan 2024 16:13:41 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>> Hi folks,
>>
>> It seems that the setting acl_xattr:ignore system acls = yes reduces
>> Windows compatibility when defined for a share. In all attempts I
>> have used Windows tools (except editing smb.conf)
>
> Lets walk through the relevant part of that parameter:
> 'ignore system acls'
>
> It does what it says, with it set, Samba totally ignores the Unix acls
> you can see with 'ls' and getfacl. You must set the permissions from
> Windows and either read them from Windows or with tools such as
> 'samba-tool ntacl get'.
...and you must start with a clean state, iow a share basedirectory that
doesn't have any POSIX ACEs, just root:Domain Users 0777 or similar.
"ignore systems acls" only implies Samba will not attempt itself to map
the NT ACL to a POSIX ACL and apply in on disk. It doesn't apply that
existing POSIX ACLs will be enforced by the kernel and inheritted by the
kernel if applicable.
Cheers!
-slow
--
SerNet Samba Team Lead https://samba.plus/
Samba Team Member https://samba.org/
SAMBA+ packages https://samba.plus/
SerNet Samba Support, Consulting and Development
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20240130/1a2465e1/OpenPGP_signature.sig>
More information about the samba
mailing list