[Samba] samba acl it

L.P.H. van Belle belle at bazuin.nl
Wed Feb 20 09:43:00 UTC 2019 

Good morning Rowland,

.. 
> 
> I don't have to, I know, 'acl' is installed automatically, you have to
> manually install 'attr'.
So good to know that then there is no difference in the debian <-> Duvean base. 

I noticed : attr or xattr ? 
https://packages.debian.org/stretch/attr
https://packages.debian.org/stretch/xattr

Whats the difference here? I dont know. except one is missing the x. for the smartasses..  ;-) 
Debian shows :  https://packages.debian.org/stretch/samba   recommends : attr

And quick check on my systems shows something different. 
Some have both attr and xattr installed
Some only xattr, i found that these servers are only using winbind with nfs homedirs, so just used for ssh logins. 
  But this tells me i've stuggled also with this.
Some only attr, but all servers with shares have attr installed. 

Small test .. On a member.  
xattr -l /home/users/username/Nieuw\ tekstdocument.txt
Traceback (most recent call last):
  File "/usr/bin/xattr", line 11, in <module>
    load_entry_point('xattr==0.9.1', 'console_scripts', 'xattr')()
  File "/usr/lib/python3/dist-packages/xattr/tool.py", line 188, in main
    attr_value = attr_value.decode('utf-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 8: invalid start byte

attr -l /home/users/username/Nieuw\ tekstdocument.txt
Attribute "DOSATTRIB" has a 56 byte value for /home/users/username/Nieuw tekstdocument.txt
Attribute "SAMBA_PAI" has a 55 byte value for /home/users/username/Nieuw tekstdocument.txt
Attribute "NTACL" has a 408 byte value for /home/users/username/Nieuw tekstdocument.txt


And test one of my DCs.
xattr /home/samba/sysvol/internal.domain.tld/Policies/\{CANAF3B18-5777-491E-8F3E-2FBD663AE7B9\}/GPT.INI
-su: xattr: command not found

attr -l /home/samba/sysvol/internal.domain.tld/Policies/\{CANAF3B18-5777-491E-8F3E-2FBD663AE7B9\}/GPT.INI
Attribute "DOSATTRIB" has a 56 byte value for /home/samba/sysvol/internal.domain.tld/Policies/{CANAF3B18-5777-491E-8F3E-2FBD663AE7B9}/GPT.INI
Attribute "NTACL" has a 308 byte value for /home/samba/sysvol/internal.domain.tld/Policies/{CANAF3B18-5777-491E-8F3E-2FBD663AE7B9}/GPT.INI

My questions are ? 
What is SAMBA_PAI ? And why dont i see that on the DC? 
And what is the diffence between attr and xattr? 

The wiki says (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs) 
( Samba does not support using POSIX ACLs on a DC. You must use Windows ACLs. ) 

File System Support : The file system, the share will be created on, must support: 
user and system xattr name spaces. 
extended access control lists (ACL).

The confusing thing here the tekst "system xattr name spaces"
And then  vfs objects = acl_xattr  ( in smb.conf ) 
So what do people expect ... Xattr 

While we should install/use always :  attr ( as package ) or am i making base asumptions here. 
I think its wise to add attr as oblgated to the samba packages. ( at least for my packages ) 
Suggestions? 


Greetz, 

Loius

More information about the samba mailing list