[Samba] access "claim types"

Stefan G. Weichinger lists at xunil.at
Fri Feb 10 09:14:30 UTC 2023

Am 10.02.23 um 10:01 schrieb Rowland Penny via samba:

>> The yellow warning is there on shares belonging to root or 
>> Administrator (wrong)
> Problem is, Administrator shouldn't own anything on Unix.

I understand. Will try to change that asap.

But why the warning on shares also where the directory belongs to root 
on the linux filesystem?

Just tested that again with a test share:

chown to root:10512 (domain-admins), chmod 770 ... same yellow warning 
in the dialog (with the 2 corrected DNS-IPs in resolv.conf also)

>> Reading 
>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs 
>> again, sure.
>> I don't have "acl_xattr:ignore system acls = yes" ... changing that 
>> sounds dangerous, especially while there are dozens of active users on 
>> the server right now.
> That does exactly what it says, the normal 'ugo' Unix permissions will 
> be ignored and only permissions set from Windows (and stored in an EA) 
> will be used by Samba.

Should I set that or not?

Is there a best practice to fix that on productive machines without 
breaking stuff?

The users work with the shares for years now, I am not even sure if that 
yellow warning for those "claim types" is relevant at all in my case ... 
as I seem to be able to add/edit perms anyway.

More information about the samba mailing list