[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
Peter Milesson
miles at atmos.eu
Tue Jan 30 16:09:41 UTC 2024
On 30.01.2024 16:51, Ralph Boehme via samba wrote:
> On 1/30/24 16:27, Rowland Penny via samba wrote:
>> On Tue, 30 Jan 2024 16:13:41 +0100
>> Peter Milesson via samba <samba at lists.samba.org> wrote:
>>
>>> Hi folks,
>>>
>>> It seems that the setting acl_xattr:ignore system acls = yes reduces
>>> Windows compatibility when defined for a share. In all attempts I
>>> have used Windows tools (except editing smb.conf)
>>
>> Lets walk through the relevant part of that parameter:
>> 'ignore system acls'
>>
>> It does what it says, with it set, Samba totally ignores the Unix acls
>> you can see with 'ls' and getfacl. You must set the permissions from
>> Windows and either read them from Windows or with tools such as
>> 'samba-tool ntacl get'.
>
> ...and you must start with a clean state, iow a share basedirectory
> that doesn't have any POSIX ACEs, just root:Domain Users 0777 or
> similar. "ignore systems acls" only implies Samba will not attempt
> itself to map the NT ACL to a POSIX ACL and apply in on disk. It
> doesn't apply that existing POSIX ACLs will be enforced by the kernel
> and inheritted by the kernel if applicable.
>
> Cheers!
> -slow
>
Hi Ralph,
I will start again with a clean folder and see what happens.
Best regards,
Peter
More information about the samba
mailing list