Samba doesn't allow setting ACLs for special SIDs

Jeremy Allison jra at
Sun Dec 29 20:32:08 UTC 2019

On Tue, Dec 24, 2019 at 03:54:43PM -0600, Steve French via samba-technical wrote:
> I noticed that Samba server doesn't allow setting ACLs for special
> SIDs (like the 'NFS' or POSIX mode bits etc.).    Looking at
> vfs_acl_xattr it automatically resets the value of
> force unknown acl user to true (which prevents setting special SIDs
> that don't map to users that Samba doesn't know about).
> Is there a way to configure Samba allow setting special SIDs?
> Presumably if acl_xattr is not set then the ACL can't be saved and if
> acl_xattr is used then unknown SIDs are remapped so are useless.

force unknown acl user forces owner and group SIDs to be
valid UNIX users/groups, and causes the POSIX ACL mapping
to ignore unknown ACE entries for users/groups.

Special SIDs should still be stored in the xattr ACL
store, just not mapped to POSIX.

Can you explain *exactly* what you are trying to do
here, because the problem you want to solve isn't

More information about the samba-technical mailing list