[Samba] ...or howto change vfs_acl_xattr options inplace without changing access rights
Ralph Boehme
slow at samba.org
Mon Aug 21 17:37:15 UTC 2023
On 8/21/23 18:20, Sebastian Neustein wrote:
> The storage has come a long way with various changes of the smb.conf. It
> is possible that at the time of creation of a file/directory
> vfs_acl_xattr was not active. This could mean that the directory does
> not have any extended attributes written to it and ACLs are only defined
> with POSIX ACLs. In this case I would need a trigger to write the
> information stored in POSIX ACLs into the extended attributes. Is there
> anything like this?
Ah, I see. Well, iirc there's no existing *efficient* tool to read the
ACL and then write it again, to make sure the storage is consistent. I
would look into expanding samba-tool ntacl ... a bit to do the work I
guess, but I'd have to take a closer look and do some more tinkering.
> By the way, does vfs_acl_xattr always write the extended attribute in
> the same way, no matter if "ignore system acls" is activated or not?
Iirc not quite. Iirc we convert the NT ACL to POSIX ACL, store it in
the fs, convert the POSIX ACL back to an NT ACL and then store this in
the xattr. This makes sure both ACLs are the same and use the same
common denominator.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/
SAMBA+ Samba packages https://samba.plus/
SAMBA+ Webinar https://samba.plus/samba-webinars
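
An added example, not part of the thread and not Samba code: a read-only inventory of files and directories that carry no NT ACL xattr, which is the situation described in the question above. It assumes a Linux host and the vfs_acl_xattr default attribute name `security.NTACL`; the function names are hypothetical.

```python
import errno
import os
import sys

# Assumption: the share uses the vfs_acl_xattr default xattr name.
NTACL_XATTR = "security.NTACL"


def has_ntacl(path, getxattr=os.getxattr):
    """Return True if path carries the NT ACL xattr, False if it is absent."""
    try:
        getxattr(path, NTACL_XATTR, follow_symlinks=False)
        return True
    except OSError as exc:
        # ENODATA: attribute not set. ENOTSUP: filesystem without xattrs.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return False
        raise  # permission or I/O errors must not be counted as "missing"


def find_missing_ntacl(root, getxattr=os.getxattr):
    """Walk root (symlinks are skipped) and list paths lacking the xattr."""
    missing = []
    if not has_ntacl(root, getxattr):
        missing.append(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            if not has_ntacl(path, getxattr):
                missing.append(path)
    return sorted(missing)


if __name__ == "__main__":
    # Usage: script.py /path/to/share  (prints one path per line)
    for entry in find_missing_ntacl(sys.argv[1]):
        print(entry)
```

The script only reads; paths it lists are the ones whose ACL exists solely as a POSIX ACL and would still need the xattr written by some other means.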