Is "acl_xattr:ignore system acl = yes" recommended?
Uri Simchoni
uri at samba.org
Tue Jul 27 08:17:59 UTC 2021
On 7/27/21 11:12 AM, Uri Simchoni via samba-technical wrote:
> On 7/27/21 10:49 AM, Rowland Penny via samba-technical wrote:
>>>
>>> regarding 0666/0777, I'm afraid that's enforced by the acl_xattr
>>> module
>>> if ignore_system_acls is set.
>>
>> Yes, but it very probably shouldn't be
>
> That originates in https://bugzilla.samba.org/show_bug.cgi?id=12181 and
> https://bugzilla.samba.org/show_bug.cgi?id=12181.
>
> The smbd process assumes the unix identity of the user that opened the
> connection, unless, maybe, "force user" is also used. Given that, a mask
> of 0600 will make the kernel get in the way again, so that's why the
> hard-coded setting of 0666/0777.
>
> I agree that we could get the same result by setting "create mask" and
> "directory mask" manually - it's largely a balance between getting the
> configuration options behave according to their name, getting the right
> configuration by default, and maintaining enough flexibility for all use
> cased.
>
> I hope that helps,
> Uri.
>
Sorry, the "and" should have been
https://lists.samba.org/archive/samba-technical/2016-August/115779.html
More information about the samba-technical
mailing list