Is "acl_xattr:ignore system acl = yes" recommended?
uri at samba.org
Tue Jul 27 07:30:10 UTC 2021
On 7/27/21 9:31 AM, miguel medalha wrote:
> Dear Uri
> Does Samba have root access? If so, wouldn't it be possible, when using "acl_xattr:ignore_system_acls = yes", to set permissions to root:root and 600/700 instead of 666/777 and let Samba do the translation and authorize access based only on what is set on the "security.NTACL" extended attribute?
> Best regards
> Miguel Medalha
(adding the list)
To guarantee a specific unix owner for files in a folder exclusively
accessed by smbd (thereby getting the kernel out of the way or
implementing folder quota), the following scheme could be used:
1. set the desired owner on the (empty) root of the folder
2. set "inherit owner = unix only"
3. set acl_xattr:ignore_system_acls = true
regarding 0666/0777, I'm afraid that's enforced by the acl_xattr module
if ignore_system_acls is set.
More information about the samba-technical