[Samba] Samba4: where are ACLs stored?

Thomas Harold thomas-lists at nybeta.com
Thu Sep 26 10:54:23 MDT 2013

On 9/26/2013 10:12 AM, Klaus Hartnegg wrote:
> Hi,
> most file access rights sync between ACLs of linux and the security tab
> of windows file properties, but not all. Where are the other infos stored?
> I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither
> output changed when using windows to add individual right for a user
> that already has rights inherited from the parent directory. Windows
> remembers every detail of these changes, even after a reboot, so it must
> be stored somewhere.
> I'm concerned that backups might be incomplete when part of the access
> rights are hidden somewhere else. Will 'cp -a' really copy everything?

Under ext4, we mount with "rw,noatime,user_xattr,acl".




According to the ext4 documentation page, barrier=barrier (a.k.a. 
barrier=1) is the default, but it doesn't hurt to specify it in your 
/etc/fstab file for the file system where your TDB files are stored. 
Use "cat /proc/mounts" to see current file system mount options.

You can check kernel defaults for xattr and ACL support by finding your 
config.gz or config file.  Under CentOS, this is stored in /boot

# grep CONFIG_EXT4_FS /boot/config-2.6.32-358.18.1.el6.x86_64
# zgrep CONFIG_EXT4_FS /proc/config.gz

Command to check ACLs:

# getfacl

Command to check xattrs:

# getfattr


All that to say my guess is that the ACLs get stored in "acl" ext4 mount 

I know that rdiff-backup stores: "preserves subdirectories, hard links, 
dev files, permissions, uid/gid ownership, modification times, extended 
attributes, acls, and resource forks".  So you would need to check that 
your backup software supports both "extended attributes" and "ACLs".

More information about the samba mailing list