Is "acl_xattr:ignore system acl = yes" recommended?
uri at samba.org
Tue Jul 27 08:17:59 UTC 2021
On 7/27/21 11:12 AM, Uri Simchoni via samba-technical wrote:
> On 7/27/21 10:49 AM, Rowland Penny via samba-technical wrote:
>>> regarding 0666/0777, I'm afraid that's enforced by the acl_xattr
>>> if ignore_system_acls is set.
>> Yes, but it very probably shouldn't be
> That originates in https://bugzilla.samba.org/show_bug.cgi?id=12181 and
> The smbd process assumes the unix identity of the user that opened the
> connection, unless, maybe, "force user" is also used. Given that, a mask
> of 0600 will make the kernel get in the way again, so that's why the
> hard-coded setting of 0666/0777.
> I agree that we could get the same result by setting "create mask" and
> "directory mask" manually - it's largely a balance between getting the
> configuration options behave according to their name, getting the right
> configuration by default, and maintaining enough flexibility for all use
> I hope that helps,
Sorry, the "and" should have been
More information about the samba-technical