[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
Peter Milesson
miles at atmos.eu
Wed Jan 31 14:01:59 UTC 2024
Problem solved (I hope)!
On 31.01.2024 12:40, Ralph Boehme via samba wrote:
> On 1/31/24 12:02, Rowland Penny via samba wrote:
>> Which looks correct to myself, so a bug ?
> something to look into in more detail, ie logs and network traces. :)
>
> -slow
Hi folks,
I added the following parameter to the share definition in smb.conf:
acl_xattr:default acl style = windows
Now the share definition is:
[Migrtest]
path = /data/migrtest
read only = no
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = windows
What I do now is the following:
* Create the folder for the share
* Set ownership root:"Domain Admins"
* Set permissions on the folder 0777
* Make sure the share is defined in smb.conf as above
* smbcontrol smbd reload-config && smbcontrol winbind reload-config
* Open Computer Management in Windows as a user with domain admin
privileges
* Connect to the Samba machine (not mentioning the quirky steps here...)
* Click on the share that shows up and select Properties
* Go to the Security tab
* The security tab is blank at first, with information that you need
read permissions to view the properties of this object.
* Click Advanced
* Change ownership to Domain Admins and mark Replace owner on
subcontainers and objects (I don't know if this is necessary, at
least it does not seem harmful)
* A message pops up, that I do not have permissions to read the
contents of directory bla, bla, bla. Click OK
* Right click on the share and select refresh
* Right click on the share again and select Properties
* Go to the Security tab
* Now, there should be one entry.
* Add any security objects and permissions you want for the share
* (I don't know if inheritance should be disabled, or not. Please
advice if you have got useful information here).
* Start using the share
Seems to work well enough.
Best regards,
Peter
More information about the samba
mailing list