[Samba] ACL misbehavior moving from POSIX ACL -> acl_xattr

Jeremy Allison jra at samba.org
Wed Sep 16 15:42:26 MDT 2009

On Wed, Sep 16, 2009 at 07:20:11PM +0100, Miguel Medalha wrote:
> All files/dirs are 666 or 777.  According to my reading, since there are 
> no POSIX extended ACLs, if the VFS layer "passes" an access, then it only 
> should be compared against the standard UGO permissions.

That's correct - but the problem isn't access, it's when the
incoming ACL is "set" onto the underlying filesystem. Most
ACLs can't be mapped onto ugw permissions.

As I said, you need a vfs_acl_null module that will drop
any set call, and will return Everyone:Full control on


More information about the samba mailing list