[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
Peter Milesson
miles at atmos.eu
Wed Jan 31 11:23:14 UTC 2024
On 31.01.2024 12:02, Rowland Penny via samba wrote:
> On Wed, 31 Jan 2024 11:53:44 +0100
> Ralph Boehme <slow at samba.org> wrote:
>
>> On 1/31/24 11:19, Rowland Penny via samba wrote:
>>> When I logged into Windows and connected to a share that has
>>> 'acl_xattr:ignore system acls = yes' set and right clicked on its
>>> icon in Explorer and selected 'Properties', I found that 'EVERYONE'
>>> was listed. I removed 'EVERYONE', clicked 'Apply' then 'OK', which
>>> completed without error. 'EVERYONE' is no longer listed on Windows,
>>> but if I go to the machine that holds the share and run 'samba-tool
>>> ntacl get /srv/acl3 --as-sddl', I get this:
>>>
>>> O:S-1-22-1-0G:S-1-22-2-0D:AI(A;OICI;FA;;;S-1-22-1-0)(A;OICI;0x1200a9;;;DU)(A;OICI;0x1200a9;;;DU)(A;;FA;;;S-1-22-2-0)(A;;FA;;;S-1-22-2-0)(A;;FA;;;S-1-22-1-0)(A;;FA;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200a9;;;S-1-22-2-0)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD)
>>>
>>> 'WD' is Windows speak for 'EVERYONE'.
>> looks like a bug or misconfiguration.
>>
>> -slow
>>
> smb.conf has these:
>
> [global]
> ..........
> vfs objects = acl_xattr
> map acl inherit = Yes
>
> ..................
>
> [acltest3]
> path = /srv/acl3
> read only = no
> acl_xattr:ignore system acls = yes
>
> Which looks correct to myself, so a bug ?
>
> Rowland
>
Hi Rowland,
I have got the same entries in my smb.conf, see my first post.
Best regards,
Peter
More information about the samba
mailing list