Security issue - storing NTACL's in non-NT-security-namespace

Christoph Hellwig hch at
Fri Dec 13 03:53:14 MST 2013

On Fri, Dec 13, 2013 at 12:39:40AM -0800, L.A. Walsh wrote:
>    Does it have to be under a "namespace" that gets *stripped*
> as soon as the file is copied or "mv'd to another
> samba share (i.e. the partition it was moved to is shared with the
> same permissions as the first one.

Attributes never get "stripped", they simple don't get copied unless
explicit action is taken to do so.  Setting trusted attributes up on a
new file will of course rely privilegues, exactly for the reasons
Jeremy pointed out.

More information about the samba-technical mailing list