[Samba] "ea support = yes" and "map acl inherit = yes"
Rowland penny
rpenny at samba.org
Mon Oct 14 14:28:53 UTC 2019
On 14/10/2019 14:53, Matthias Leopold via samba wrote:
> Hi,
>
> I'm running Samba 4.8 servers with Windows ACL enabled shares
> (following
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs).
> This manual demands to set
>
> map acl inherit = yes
> store dos attributes = yes
>
> and requires extended attribute support from the share file system. So
> far, so good. Now I shall upgrade to CentOS 7.7 which brings Samba 4.9
> which changes "ea support" parameter default "yes". I don't know how
> this relates to the above parameters.
Not much, it just means that you do not really need to have 'store dos
attributes = yes' in smb.conf, but it will not harm anything if it is
there.
>
> For "store dos attributes" man smb.conf says "This extended attribute
> is explicitly hidden from smbd clients requesting an EA list". What
> about "map acl inherit" and user.SAMBA_PAI? Is it safe to have "ea
> support = yes" and and "map acl inherit = yes"? What are the benefits?
You still need 'map acl inherit' but do not need 'ea support = yes' and
the Windows permissions are stored in an EA called 'security.NTACL'
You can read this with:
getfattr -n security.NTACL -d /path/to/share/directory
Rowland
More information about the samba
mailing list