[Samba] acl_xattr and root permissions

Jerome Charaoui jerome at riseup.net
Fri Dec 7 00:17:47 UTC 2018


Hello,

I'd like to know if, when using acl_xattr to store Windows ACLs in the
security.NTACL extended attribute, Samba knows to always to set the
attribute within the "root" context, or will it attempt to do it in the
(domain) user context that's requesting the change?

As I understand it, on Linux only root is allowed to modify extended
attributes in the "security" context.

I'm asking because so far, with Samba 4.5.12, I've been unable to modify
ACLs from a remote Windows client under any circumstance except when the
domain user is mapped to root via "username map".

Thanks,

-- Jerome



More information about the samba mailing list