[Samba] ...or howto change vfs_acl_xattr options inplace without changing access rights

Sebastian Neustein sebastian.neustein at arc-aachen.de
Mon Aug 21 16:20:26 UTC 2023

Hi Ralph

> On 8/18/23 09:55, Sebastian Neustein via samba wrote:
>> With the default settings of vfs_acl_xattr samba takes posix acls 
>> into account when delivering data - how can I activate
>> "acl_xattr:ignore system acls = yes"
>> without losing the information saved in posix acls? Background: our 
>> future file system won't be able to support acls.
> Sorry, but this is confusing? Why don't you want to lose POSIX ACLs 
> when the new filesystem doesn't support them anyway?
> I would basically rsync, preserving xattrs, and set POSIX filesystem 
> permissions to 0777/0666. vfs_acl_xattr will be serving NT ACLs from 
> the migrated xattrs, ignoring filesystem permissions given that 
> "acl_xattr:ignore system acls = yes" is set.

The storage has come a long way with various changes of the smb.conf. It 
is possible that at the time of creation of a file/directory 
vfs_acl_xattr was not active. This could mean that the directory does 
not have any extended attributes written to it and ACLs are only defined 
with POSIX ACLs. In this case I would need a trigger to write the 
information stored in POSIX ACLs into the extended attributes. Is there 
anything like this?

By the way, does vfs_acl_xattr always write the extended attribute in 
the same way, no matter if "ignore system acls" is activated or not? I 
assumed that samba/vfs_acl_xattr would set the POSIX ACLs first and 
write all the _other_ information in the extended attributes. Maybe a 
silly assumption...

Thank you for your help!


Sebastian Neustein

Airport Research Center GmbH
Bismarckstraße 61
52066 Aachen

Phone: +49 241 16843-23
Fax: +49 241 16843-19
e-mail: sebastian.neustein at arc-aachen.de
Website: http://www.airport-consultants.com

Register Court: Amtsgericht Aachen HRB 7313
Ust-Id-No.: DE196450052

Managing Director:
Dipl.-Ing. Tom Alexander Heuer
