[Samba] Behavior of acl_xattr:ignore system acls = yes on a share

Peter Milesson miles at atmos.eu
Wed Jan 31 11:59:15 UTC 2024



On 31.01.2024 12:36, Rowland Penny via samba wrote:
> On Wed, 31 Jan 2024 12:21:59 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>>
>> On 31.01.2024 11:56, Ralph Boehme via samba wrote:
>>> On 1/31/24 11:38, Peter Milesson via samba wrote:
>>>> Unfortunately, that doesn't work. In share permissions, it's not
>>>> possible to remove Everyone, nor add another security object.
>>>> Clicking OK, the dialog closes without any errors, but opening it
>>>> again, Everyone is still there. I was sure to start Computer
>>>> Management as Administrator.
>>> are we talking share permissions or filesystem permissions? They
>>> are two things...
>>>
>>> Have you granted SE_DISK_OPERATOR_PRIVILEGE which is needed iirc to
>>> change share permissions?
>>>
>> Hi Ralph,
>>
>> This post was about the share permissions tab. It would be OK, to use
>> Everyone under share permissions, if it was possible to later select
>> the security objects under the security tab (which is not possible).
>>
>> Best regards,
>>
>> Peter
>>
>>
> As I said, you do not alter the 'Share' tab, only the 'Security' tab,
> which is failing.
>
> The only time this occurs for myself is if I create a new share with
> the 'acl_xattr:ignore system acls = yes' line set, reload the config
> and then go directly to a Windows machine and attempt to change the
> permissions.
> Thinking about this, could it be failing because there are no Windows
> permissions stored by Samba at this point, so there is nothing to change
> ?
>
> Rowland
>
Hi Rowland,

For a Windows server, I normally just set Everyone in the Share 
permissions tab, or possibly Authenticated users. As security 
permissions can be defined for the share under the Security tab there is 
no point in tweaking entries under the Share permissions.

I guess the problem is, that there are no permissions set, when trying 
to save the share configuration. It's not even possible to set anything 
later.

Best regards,

Peter




More information about the samba mailing list