[Samba] NT ACL preservation

Rowland Penny rowlandpenny241155 at gmail.com
Tue Nov 10 07:53:18 UTC 2015

On 10/11/15 03:22, Andrew Hart wrote:
> Hey, hoping I can get some guidance on how this works.
> I've got a running samba standalone setup.  On one of my shares, I 
> want to
> preserve the ACL of files as they come from the client (Win 7), in 
> essence
> acting as a file backup.  My setup for this share is currently:
> valid users = @wheel
> public = no
> writeable = yes
> vfs objects = btrfs acl_xattr
> # acl_xattr: ignore system acls = yes
> # map acl inherit = yes
> store dos attributes = yes
> My problem is that at some point in the chain, the ACLs are getting
> stripped out.  When I pull files back, they simply inherit the 
> permissions
> of the target folder.
> I currently have two test files with different permission settings that I
> use to try to work out what is going on.  If I getfattr -n 
> security.NTACL,
> the output for each file is slightly different, but smbcacls gives the
> same output for both files.  Uncommenting the map acl inherit line 
> creates
> the user.SAMBA_PAI, but I don't really have a clue what doing that 
> does or
> doesn't get me, so not sure whether to use it.  I'm pretty sure I want
> 'ignore system acls' but uncommenting that line results in the test files
> no longer getting either security.NTACL or user.SAMBA_PAI.  I've had a
> rummage through the logs, but nothing seems to indicate a problem,
> although I'm not sure what I'd be looking for.
> I know copying by Windows Explorer results in stripping out permissions,
> but is there a preferred way on windows to send files to the share for
> this purpose?  I've tested with Robocopy and FreeFileSync.  They both
> result in the behaviour described above.
> Any suggestions would be greatly appreciated!
> Regards,
> Andrew Hart

Can we see your entire smb.conf?


More information about the samba mailing list