[Samba] Cannot change NTACL for share from Windows
Viktor Trojanovic
viktor at troja.ch
Mon Jun 1 15:56:06 UTC 2020
On Mon, 1 Jun 2020 at 05:46, Viktor Trojanovic <viktor at troja.ch> wrote:
>
>
> On June 1, 2020 00:32:23 Roy Eastwood via samba <samba at lists.samba.org>
> wrote:
>
> > Sorry, send to list as well
> >> I've set up Samba 4.11 in an unprivileged container. At this point, I
> can
> >> only assume that this might be the issue here, though I
> > can't
> >> quite understand why. Does anyone happen to have an explanation, is
> there
> >> maybe a workaround? I know for a fact that it works
> >> with privileged containers, having used several of these myself.
> >>
> >> Viktor
> >
> > That's your problem - it needs a privileged container so that the
> container
> > can change the permissions on the underlying filing
> > system.
>
> OK, I found some evidence of this here:
> https://discuss.linuxcontainers.org/t/samba-acls-in-a-lxd-container/4420/7
>
> It seems that changing xattr information requires real root which is why
> it
> won't work with an unprivileged container.
>
> If what is said in that discussion is true, then the only workaround for a
> non privileged container is to assume no support for xattr and use
> posix:eadb in smb.conf.
>
>
> https://wiki.samba.org/index.php/File_System_Support#File_systems_without_xattr_support
>
> Not recommended, though, as it comes with a significant performance hit.
>
> There seems to be anecdotal evidence, however, that xattr may work even
> with an unprivileged container when btrfs is used.
>
>
> https://github.com/lxc/lxc/issues/2708#issuecomment-473466062
>
>
> I couldn't find more sources to confirm this though. May run some tests of
> my own when I find the time.
>
>
Just to confirm: Making the container privileged solved the issue. I still
hope that, at some point in the future, Samba will work fine in
unprivileged containers.
Viktor
More information about the samba
mailing list