[Samba] Cannot change NTACL for share from Windows
Viktor Trojanovic
viktor at troja.ch
Mon Jun 1 03:46:46 UTC 2020
On June 1, 2020 00:32:23 Roy Eastwood via samba <samba at lists.samba.org> wrote:
> Sorry, send to list as well
>> I've set up Samba 4.11 in an unprivileged container. At this point, I can
>> only assume that this might be the issue here, though I
> can't
>> quite understand why. Does anyone happen to have an explanation, is there
>> maybe a workaround? I know for a fact that it works
>> with privileged containers, having used several of these myself.
>>
>> Viktor
>
> That's your problem - it needs a privileged container so that the container
> can change the permissions on the underlying filing
> system.
OK, I found some evidence of this here:
https://discuss.linuxcontainers.org/t/samba-acls-in-a-lxd-container/4420/7
It seems that changing xattr information requires real root which is why it
won't work with an unprivileged container.
If what is said in that discussion is true, then the only workaround for a
non privileged container is to assume no support for xattr and use
posix:eadb in smb.conf.
https://wiki.samba.org/index.php/File_System_Support#File_systems_without_xattr_support
Not recommended, though, as it comes with a significant performance hit.
There seems to be anecdotal evidence, however, that xattr may work even
with an unprivileged container when btrfs is used.
https://github.com/lxc/lxc/issues/2708#issuecomment-473466062
I couldn't find more sources to confirm this though. May run some tests of
my own when I find the time.
Viktor
More information about the samba
mailing list