[Samba] Are acl_xattr and admin users option incompatible?

Jeremy Allison jra at samba.org
Wed Jul 21 12:40:26 MDT 2010


On Wed, Jul 21, 2010 at 08:15:35AM -0400, John Mulligan wrote:
> Hello List,
> 
> I've run into an interesting situation and am wondering if this is by
> design or just an interesting side effect: using both acl_xattr and
> a user in the "admin users" list at the same time seem to conflict.
> 
> I have a tool that is running on a windows box that needs full access
> to files on a given share while ignore individual file and folder
> permissions. We were able to make that tool run as an
> "admin user" in smb.conf.
> 
> When I run the tool with the vfs xattr_acl module turned on (for best
> compatibility with nt acls), the tests fail but when using only straight POSIX
> acls the test works. Running things manually, it appears that running
> with only POSIX acls the root user on the samba side is able to read/write
> any file as expected, but with acl_xattr turned on samba is doing some
> internal checking of the xattr acls and blocking access to the files.
> 
> So my question is, is this by design or is this something that the
> samba team would consider as a bug/feature request?
> Also feel free to tell me "you're doing it wrong" if there is a better
> way to provide read/write access to the windows side regardless of
> the acls on the files. None of my searches turned up anything relevant,
> but its always possible that I was looking in the wrong direction.
> 
> Thank you for your time and the great software.

Sounds like a bug to me. Setting "admin user" should mean your
token is root and should override the ACL specific checks.

Can you log a formal bug @ bugzilla.samba.org and be specific
on how you reproduce the failure to modify the file/directory.

Thanks !

Jeremy.


More information about the samba mailing list