[Samba] SMB Windows ACL functionality

Rowland Penny rpenny at samba.org
Tue Jul 12 08:01:14 UTC 2022

On Tue, 2022-07-12 at 09:53 +0200, Ralph Boehme via samba wrote:
> On 7/12/22 03:58, Bailey Allison via samba wrote:
> > In addition, I have changed the permissions on the shared directory
> > to:
> > 
> > chmod 0770 /mnt/smb
> > chown root:"DOMAIN\Domain Admins" /mnt/smb
> I guess this isn't really obvious from the manpage, but you're
> supposed 
> to set the directory to 0777 so the module can implement the
> permission 
> evaluation in userspace based on the contents of the NT ACL stored in
> an 
> xattr, without interference of filesystem permissions.

No, it isn't obvious and that would allow anyone that gets local access
to the samba server access to the shares directory.


More information about the samba mailing list