[Samba] Remove all Windows ACL's from files/folders

Jeremy Allison jra at samba.org
Mon Mar 28 21:31:32 UTC 2022

On Mon, Mar 28, 2022 at 03:36:52PM -0500, Patrick Goetz via samba wrote:
>On 3/28/22 11:43, Jeremy Allison via samba wrote:
>>>>It's used as a "pristine" store of the ACL the client sent.
>>>>If the underlying native (usually POSIX) ACL is changed outside
>>>>of smbd then it is removed as it no longer represents reality.
>>>That's new information I didn't know.
>>>So, simply doing a chmod/chown in Linux would be enough to fully 
>>>reset/remove all Samba (Windows set) ACL's on a file or directory, 
>>Yes. We store a hash of the existing mapping from
>>Windows ACL -> POSIX ACL i.e. perms also. If you
>>change the POSIX ACL or perms outside of smbd the
>>hash no longer matches so we can't trust it.
>I take it that recomputing the hash on filesystem objects when 
>accessed would create too great of a performance hit?

No, it's just that if something changes the
permissions outside of Samba we just don't know
about it.

More information about the samba mailing list