[Samba] Fwd: Can Samba just store ACL information (without interpreting it) without AD?
Ralph Boehme
slow at samba.org
Thu Jan 12 15:31:00 UTC 2023
On 1/12/23 14:54, Steffen Dettmer via samba wrote:
> I read several articles on the internet, but I fail to understand how
> ACL storage technically works. Of course in almost any case, ACL
> should not only be stored but also evaluated, and for this this Samba
> server needs to be a member of the AD domain. I think I understand
> this, but I have a different use case. I hope someone can help and
> possibly has a link or such.
ACLs are not dependent on being a domain member.
Not sure what you're aiming for as I've just skimmed your posting, but I
guess what you're looking for is the module option
acl_xattr:security_acl_name = NAME
You need a relatively new Samba version (iirc) for this.
The security xattr namespace is not accessible from containers by
default unless you run the container in privileged mode.
Cheers!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20230112/05ab2404/OpenPGP_signature.sig>
More information about the samba
mailing list