Make ACL headers required by default for Samba 4.0

Matthieu Patou mat at
Sun May 13 11:33:00 MDT 2012

On 05/12/2012 11:47 PM, Volker Lendecke wrote:
> On Sun, May 13, 2012 at 04:11:12PM +1000, Andrew Bartlett wrote:
>> A number of folks over time have hit the issue that Samba's POSIX ACL
>> support is optional - we work fine for most things without it, but
>> because of this you only notice it being missing much later, when you
>> start to really need it.
>> To catch this issue for potential deployments of the Samba 4.0 AD DC, I
>> have a trap in the provision stage that checks for ACL support on the
>> current file system, but it seems to me that this point is too late in
>> the process.
>> I propose that by default, we should require some form of system ACL
>> header to build Samba.  Then, if a user is on a system without ACL
>> headers or is unwilling to install them, they can specify the
>> --without-acl-support that would be hinted at in the error.
>> This will also aid distributors, who would find at build stage (without
>> needing to specify options) if ACL support somehow wasn't going to be
>> compiled in.
>> What do folks think?
> This is fine for the real AD domain controller build. For
> the pure fileserver that also is supposed to build without
> Kerberos necessarily this is not okay I think.
So what about having --with-acl-support by default if --with-kerberos 
was specified or if we found kerberos support ?
This would mean that if kerberos is not found or if --without-kerberos 
is specified then the default would be --without-acl-support.
This of course would be in waf because I don't think it would be very 
easy to set in autoconf.

More information about the samba-technical mailing list