[Samba] 4.15 windows ACL share. Not taking?
manu at pinguino.eus
Wed Mar 2 09:39:17 UTC 2022
Thanks for your reply.
Le 28/02/2022 à 20:26, Rowland Penny via samba a écrit :
> Your Windows ACL is being applied, just not where you think it is. If
> you read the line, it tells you what it will do, it will ignore the
> system acls.
> Samba will potentially store permissions in three places:
> The normal Unix acl (ugo)
> An extended ACL set by 'setfacl' and shown by 'getfacl' (this is where
> the '+' comes from)
> Windows ACLs stored in an Extended attribute (aka EA)
> If you do not set 'acl_xattr:ignore system acls = yes' a best effort
> will be done to map the windows ACLs to the Unix acls, this where ugo
> and setfacl come in. If you do set it, the mapping will not be done.
Yes I read the man page, but it isn't clear for me, see below.
>> But if I comment this line and then my share is only :
>> # acl_xattr:ignore system acl = yes
> That is not a valid line, so it will not be used, even if you uncomment
Sorry, typo, yes i have set "acls"
> Yes, but why are you adding that line (even if it is wrong) if want to
> use setfacl ?
I don't want to use setfacl, I want to use Windows ACL and configure
them from a Windows computer.
But when I read the wiki page, it says
"Samba stores the file system permissions in extended file system access
control lists (ACL) and in an extended attribute" so I thought I would
expect a "+" on the share.
I read again the wiki page but it isn't clear for me.
I did more test, and like John said in its second mail, if I just put :
# acl_xattr:ignore system acls = yes
path = /srv/samba/TEST/
read only = no
All works fine.
If i uncomment the normally expected qcl_xattr line, the it fails, a
user who have permissions can't even browse the share.
Well, I'm lost :-(
More information about the samba