Is "acl_xattr:ignore system acl = yes" recommended?

Uri Simchoni uri at
Tue Jul 27 08:17:59 UTC 2021

On 7/27/21 11:12 AM, Uri Simchoni via samba-technical wrote:
> On 7/27/21 10:49 AM, Rowland Penny via samba-technical wrote:
>>> regarding 0666/0777, I'm afraid that's enforced by the acl_xattr
>>> module
>>> if ignore_system_acls is set.
>> Yes, but it very probably shouldn't be
> That originates in and 
> The smbd process assumes the unix identity of the user that opened the 
> connection, unless, maybe, "force user" is also used. Given that, a mask 
> of 0600 will make the kernel get in the way again, so that's why the 
> hard-coded setting of 0666/0777.
> I agree that we could get the same result by setting "create mask" and 
> "directory mask" manually -  it's largely a balance between getting the 
> configuration options behave according to their name, getting the right 
> configuration by default, and maintaining enough flexibility for all use 
> cased.
> I hope that helps,
> Uri.

Sorry, the "and" should have been

More information about the samba-technical mailing list