Is "acl_xattr:ignore system acl = yes" recommended?
Uri Simchoni
uri at samba.org
Tue Jul 27 08:12:35 UTC 2021
On 7/27/21 10:49 AM, Rowland Penny via samba-technical wrote:
>>
>> regarding 0666/0777, I'm afraid that's enforced by the acl_xattr
>> module
>> if ignore_system_acls is set.
>
> Yes, but it very probably shouldn't be
That originates in https://bugzilla.samba.org/show_bug.cgi?id=12181 and
https://bugzilla.samba.org/show_bug.cgi?id=12181.
The smbd process assumes the unix identity of the user that opened the
connection, unless, maybe, "force user" is also used. Given that, a mask
of 0600 will make the kernel get in the way again, so that's why the
hard-coded setting of 0666/0777.
I agree that we could get the same result by setting "create mask" and
"directory mask" manually - it's largely a balance between getting the
configuration options behave according to their name, getting the right
configuration by default, and maintaining enough flexibility for all use
cased.
I hope that helps,
Uri.
More information about the samba-technical
mailing list