Is "acl_xattr:ignore system acl = yes" recommended?

Uri Simchoni uri at
Tue Jul 27 07:30:10 UTC 2021

On 7/27/21 9:31 AM, miguel medalha wrote:
> Dear Uri
> Does Samba have root access? If so, wouldn't it be possible, when using "acl_xattr:ignore_system_acls = yes", to set permissions to root:root and 600/700 instead of 666/777 and let Samba do the translation and authorize access based only on what is set on the "security.NTACL" extended attribute?
> Best regards
> Miguel Medalha

(adding the list)

To guarantee a specific unix owner for files in a folder exclusively 
accessed by smbd (thereby getting the kernel out of the way or 
implementing folder quota), the following scheme could be used:
1. set the desired owner on the (empty) root of the folder
2. set "inherit owner = unix only"
3. set acl_xattr:ignore_system_acls = true

regarding 0666/0777, I'm afraid that's enforced by the acl_xattr module 
if ignore_system_acls is set.


More information about the samba-technical mailing list