[Samba] Is "acl_xattr:ignore system acl = yes" recommended?

Rowland Penny rpenny at samba.org
Tue Jul 27 06:40:10 UTC 2021

On Mon, 2021-07-26 at 23:11 +0100, miguel medalha wrote:
> > Since Samba has root access, wouldn't it be possible, when using
> > acl_xattr:ignore_system_acls, 
> > to set permissions to 600/700 instead and let Samba do the
> > translation and authorize access based
> > only on what is stored in the "security.NTACL" extended attribute
> > by acl_xattr?
> Or even 660/770 if owner and group were to be root:root. It's the
> "others" part that is problematic.

I never gave this much thought, but now I have, can someone explain why
the parameter 'acl_xattr:ignore system acls' doesn't do what it says on
the tin (English joke) if it is set to yes ?

It appears that it doesn't ignore the system acls, it sets them !


More information about the samba mailing list