Make ACL headers required by default for Samba 4.0

Andrew Bartlett abartlet at
Sun May 13 17:07:40 MDT 2012

On Sun, 2012-05-13 at 08:47 +0200, Volker Lendecke wrote:
> On Sun, May 13, 2012 at 04:11:12PM +1000, Andrew Bartlett wrote:
> > A number of folks over time have hit the issue that Samba's POSIX ACL
> > support is optional - we work fine for most things without it, but
> > because of this you only notice it being missing much later, when you
> > start to really need it.
> > 
> > To catch this issue for potential deployments of the Samba 4.0 AD DC, I
> > have a trap in the provision stage that checks for ACL support on the
> > current file system, but it seems to me that this point is too late in
> > the process.
> > 
> > I propose that by default, we should require some form of system ACL
> > header to build Samba.  Then, if a user is on a system without ACL
> > headers or is unwilling to install them, they can specify the
> > --without-acl-support that would be hinted at in the error. 
> > 
> > This will also aid distributors, who would find at build stage (without
> > needing to specify options) if ACL support somehow wasn't going to be
> > compiled in. 
> > 
> > What do folks think?
> 
> This is fine for the real AD domain controller build. For
> the pure fileserver that also is supposed to build without
> Kerberos necessarily this is not okay I think. Note that I
> am not at this point talking about waf vs autoconf. If in
> the future it is decided to drop autoconf, the legacy build
> features must be ported to waf.


I'm only looking to change the default, to reduce our support

Do you agree that if we change, we should change it in both build

I think ACL headers should remain optional in all builds, I just want to
make them optional by deliberate choice, not auto-detection.


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list