[Samba] NT ACL preservation
rowlandpenny241155 at gmail.com
Tue Nov 10 07:53:18 UTC 2015
On 10/11/15 03:22, Andrew Hart wrote:
> Hey, hoping I can get some guidance on how this works.
> I've got a running samba standalone setup. On one of my shares, I
> want to
> preserve the ACL of files as they come from the client (Win 7), in
> acting as a file backup. My setup for this share is currently:
> valid users = @wheel
> public = no
> writeable = yes
> vfs objects = btrfs acl_xattr
> # acl_xattr: ignore system acls = yes
> # map acl inherit = yes
> store dos attributes = yes
> My problem is that at some point in the chain, the ACLs are getting
> stripped out. When I pull files back, they simply inherit the
> of the target folder.
> I currently have two test files with different permission settings that I
> use to try to work out what is going on. If I getfattr -n
> the output for each file is slightly different, but smbcacls gives the
> same output for both files. Uncommenting the map acl inherit line
> the user.SAMBA_PAI, but I don't really have a clue what doing that
> does or
> doesn't get me, so not sure whether to use it. I'm pretty sure I want
> 'ignore system acls' but uncommenting that line results in the test files
> no longer getting either security.NTACL or user.SAMBA_PAI. I've had a
> rummage through the logs, but nothing seems to indicate a problem,
> although I'm not sure what I'd be looking for.
> I know copying by Windows Explorer results in stripping out permissions,
> but is there a preferred way on windows to send files to the share for
> this purpose? I've tested with Robocopy and FreeFileSync. They both
> result in the behaviour described above.
> Any suggestions would be greatly appreciated!
> Andrew Hart
Can we see your entire smb.conf?
More information about the samba