[Samba] Is "acl_xattr:ignore system acl = yes" recommended?

miguel medalha medalist at sapo.pt
Mon Jul 26 22:05:12 UTC 2021

>> When acl_xattr:ignore_system_acls is set to "yes", create mask
>> parameter is set to 666 and directory mask parameter to 777. (...)

> Yeah, that's exactly my area of concern.

I have been using this setting because all my clients are Windows machines and nobody logs on directly to the Linux servers. File access becomes faster. But yes, those 666 and 777 leave me with a trace of discomfort...

Since Samba has root access, wouldn't it be possible, when using acl_xattr:ignore_system_acls, to set permissions to 600/700 instead and let Samba do the translation and authorize access based only on what is stored in the "security.NTACL" extended attribute by acl_xattr?
