[Samba] access "claim types"

Rowland Penny rpenny at samba.org
Fri Feb 10 09:26:32 UTC 2023

On 10/02/2023 09:14, Stefan G. Weichinger via samba wrote:
> Am 10.02.23 um 10:01 schrieb Rowland Penny via samba:
>>> The yellow warning is there on shares belonging to root or 
>>> Administrator (wrong)
>> Problem is, Administrator shouldn't own anything on Unix.
> I understand. Will try to change that asap.
> But why the warning on shares also where the directory belongs to root 
> on the linux filesystem?
> Just tested that again with a test share:
> chown to root:10512 (domain-admins), chmod 770 ... same yellow warning 
> in the dialog (with the 2 corrected DNS-IPs in resolv.conf also)
>>> Reading 
>>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs again, sure.
>>> I don't have "acl_xattr:ignore system acls = yes" ... changing that 
>>> sounds dangerous, especially while there are dozens of active users 
>>> on the server right now.
>> That does exactly what it says, the normal 'ugo' Unix permissions will 
>> be ignored and only permissions set from Windows (and stored in an EA) 
>> will be used by Samba.
> Should I set that or not?
> Is there a best practice to fix that on productive machines without 
> breaking stuff?
> The users work with the shares for years now, I am not even sure if that 
> yellow warning for those "claim types" is relevant at all in my case ... 
> as I seem to be able to add/edit perms anyway.

It is one of those 'Marmite' things, you either love it or hate it. I 
have never used it, but Louis insisted on it.

I, personally would test this out on a test machine, if it fixes your 
problem, then great, use it.


More information about the samba mailing list