[Samba] map acl inherit
Luis Peromarta
lperoma at icloud.com
Thu Jan 11 10:57:02 UTC 2024
Morning all.
I am reading trough
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
As I was curious what exactly 'map acl inherit' does.
"This boolean parameter is only relevant for systems that do not support standardized NFS4 ACLs but only a POSIX draft implementation of ACLs. Linux is the only common UNIX system which does still not offer standardized NFS4 ACLs actually.
On such systems this parameter controls whether smbd(8) will attempt to map the 'protected' (don't inherit) flags of the Windows ACLs into an extended attribute called user.SAMBA_PAI (POSIX draft ACL Inheritance).
This parameter requires support for extended attributes on the filesystem and allows the Windows ACL editor to store (non-)inheritance information while NT ACLs are mapped best-effort to the POSIX draft ACLs that the OS and filesystem implements.
Default: map acl inherit = n"
It is recommended https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
As part of the “Enable Extended ACL Support on a Unix Domain member"
What are the "protected' (don't inherit) flags of the Windows ACLs” ?
I don’t have this parameter (map acl inherit = yes) set in my member server (Debian 12), and it works with no noticeable issues that I’m aware. What am I missing ?
If I don’t use this parameter and suddenly turn it on, what are the consequences ?
How does this relate to 'acl_xattr:ignore system acls = yes’ - if at all? My users only use Windows to access server. I have this line commented out, so default is ’no’.
Thanks for the explanation,
LP
More information about the samba
mailing list