[Samba] samba 4.7.7 shares on FreeBSD 11.1-p11 started to ignore ACL

Oleg Cherkasov o1e9.cherkasov at yandex.com
Thu Aug 9 14:34:33 UTC 2018

On 09. aug. 2018 11:53, Oleg Cherkasov via samba wrote:
> On 08. aug. 2018 22:30, Dante Colo wrote:
>> If you add to vfs module to a share you also have to explicit add 
>> acl_xattr , that's what i do when i want to add another module and 
>> keep acl_xattr on the same share, if i'm not doing right way  someone 
>> correct me .
> I am already have 'vfs objects = zfsacl' set for my ZFS shares so 
> acl_xattr does not help at all.  acl_xattr adds two more entries to the 
> Security Permissions list: CREATOR OWNER and CREATOR GROUP.  With out 
> acl_xattr I have only: root, wheel and Everyone.
> If seems full_audit/audit vfs works with acl_xattr and do not handle 
> zfsacl, or it may be the other way around of course.

The problem located and solved.  I have used 'vfs objects' twice unaware 
that the last entry is always used instead of merging those module names 
to a single `vfs objects` line.  testparm shows it explicitly of course 
and I missed it from the beginning.

It must be as follows:

vfs objects = zfsacl streams_xattr full_audit

or skip streams_xattr:

vfs objects = zfsacl full_audit

More information about the samba mailing list