[Samba] acl_xattr does not apply to the root shared folder

Rowland Penny rpenny at samba.org
Mon Jan 2 19:35:53 UTC 2023

On 02/01/2023 17:25, Павел Маринин via samba wrote:
> Hello!
> I have configured the file server using acl_xattr.
> I used the instructions https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> My config contains the following settings:
> [global]
> .
> .
> .
> vfs objects = acl_xattr
> map acl inherit = yes
> acl_xattr:ignore system cls = yes
> [tmpdir]
> path = /srv/samba/tmpdir
> read-only = none

Where did you get 'none' from ? It should be 'no' or yes or true or false.

> 1. I have the following problem: acl_xattr only apply to subfolders in "/srv/samba/tmpdir" and do not apply to the folder /srv/samba/tmpdir. Is this correct?


> 2. When I add the parameter "acl_xattr: ignore system settings = yes" to the config, only UNIX ACL begin to apply to the folder "/srv/samba/tmpdir", i.e. only the owner and the group. Is this correct?

Well, yes and no :-D

Yes, if you have that line, the Unix acls are ignored by Samba when 
setting the EA's. No, anyone connecting via Samba will get the ACL's set 
in the EA's (the permissions set from Windows), but anyone connecting 
locally will get the permissions set locally (ugo). It basically boils 
down to (and this is Samba best practice) not connecting locally if 
using Samba. just connect to the share.


More information about the samba mailing list