[Samba] Fwd: Can Samba just store ACL information (without interpreting it) without AD?

Ralph Boehme slow at samba.org
Thu Jan 12 15:31:00 UTC 2023

On 1/12/23 14:54, Steffen Dettmer via samba wrote:
> I read several articles on the internet, but I fail to understand how
> ACL storage technically works. Of course in almost any case, ACL
> should not only be stored but also evaluated, and for this this Samba
> server needs to be a member of the AD domain. I think I understand
> this, but I have a different use case. I hope someone can help and
> possibly has a link or such.

ACLs are not dependent on being a domain member.

Not sure what you're aiming for as I've just skimmed your posting, but I 
guess what you're looking for is the module option

        acl_xattr:security_acl_name = NAME

You need a relatively new Samba version (iirc) for this.

The security xattr namespace is not accessible from containers by 
default unless you run the container in privileged mode.


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20230112/05ab2404/OpenPGP_signature.sig>

More information about the samba mailing list