[Samba] Remove all Windows ACL's from files/folders
jra at samba.org
Mon Mar 28 21:31:32 UTC 2022
On Mon, Mar 28, 2022 at 03:36:52PM -0500, Patrick Goetz via samba wrote:
>On 3/28/22 11:43, Jeremy Allison via samba wrote:
>>>>It's used as a "pristine" store of the ACL the client sent.
>>>>If the underlying native (usually POSIX) ACL is changed outside
>>>>of smbd then it is removed as it no longer represents reality.
>>>That's new information I didn't know.
>>>So, simply doing a chmod/chown in Linux would be enough to fully
>>>reset/remove all Samba (Windows set) ACL's on a file or directory,
>>Yes. We store a hash of the existing mapping from
>>Windows ACL -> POSIX ACL i.e. perms also. If you
>>change the POSIX ACL or perms outside of smbd the
>>hash no longer matches so we can't trust it.
>I take it that recomputing the hash on filesystem objects when
>accessed would create too great of a performance hit?
No, it's just that if something changes the
permissions outside of Samba we just don't know
More information about the samba