[Samba] access "claim types"
rpenny at samba.org
Fri Feb 10 09:26:32 UTC 2023
On 10/02/2023 09:14, Stefan G. Weichinger via samba wrote:
> Am 10.02.23 um 10:01 schrieb Rowland Penny via samba:
>>> The yellow warning is there on shares belonging to root or
>>> Administrator (wrong)
>> Problem is, Administrator shouldn't own anything on Unix.
> I understand. Will try to change that asap.
> But why the warning on shares also where the directory belongs to root
> on the linux filesystem?
> Just tested that again with a test share:
> chown to root:10512 (domain-admins), chmod 770 ... same yellow warning
> in the dialog (with the 2 corrected DNS-IPs in resolv.conf also)
>>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs again, sure.
>>> I don't have "acl_xattr:ignore system acls = yes" ... changing that
>>> sounds dangerous, especially while there are dozens of active users
>>> on the server right now.
>> That does exactly what it says, the normal 'ugo' Unix permissions will
>> be ignored and only permissions set from Windows (and stored in an EA)
>> will be used by Samba.
> Should I set that or not?
> Is there a best practice to fix that on productive machines without
> breaking stuff?
> The users work with the shares for years now, I am not even sure if that
> yellow warning for those "claim types" is relevant at all in my case ...
> as I seem to be able to add/edit perms anyway.
It is one of those 'Marmite' things, you either love it or hate it. I
have never used it, but Louis insisted on it.
I, personally would test this out on a test machine, if it fixes your
problem, then great, use it.
More information about the samba