[Samba] How to set up a simple file server with full ACL support?
Luis Peromarta
lperoma at icloud.com
Thu May 23 05:35:04 UTC 2024
In LXC containers for ACLs to work they can’t be “unprivileged”.
LP
On 23 May 2024 at 05:06 +0100, Jeremy Allison via samba <samba at lists.samba.org>, wrote:
> On Thu, May 23, 2024 at 09:42:53AM +1200, Andrew Bartlett via samba wrote:
> > After 23 years answering questions here, I figure it might be time for
> > me to ask one.
> >
> > As mentioned here:
> > https://lists.samba.org/archive/samba-technical/2024-May/138969.html I
> > am working with a client to improve a Go SMB client library.
> >
> > They want to manipulate ACLs on SMB, which is a very reasonable thing
> > to want to do.
> >
> > What we had a lot of trouble with is simply setting Samba up as a
> > standalone fileserver able to accept arbitrary NT ACL changes.
> > ..
> > However, despite connecting as root (within a docker container), we
> > just get ACL errors that seem to be from Samba checking and failing
> > against some existing (mapped) presumably ACL.
> >
> > I don't have the exact error strings to hand (was on the client's dev
> > box) but I've been asked to provide a working set of steps to get
> > arbitrary windows ACLs working on modern standalone Samba server.
>
> My guess would be docker container issues.
>
> Try setting up a bog-standard stand-alone fileserver (not on docker)
> - no containerization, just using local users and NTLM auth.
>
> Get ACL then set with smbcacls.
>
> That should easily work, and the network trace should show
> you what is being done.
>
> If that fails, get a debug level 10 and start digging
> for the returned error message.
>
> This *should* be very simple. It works for me every day.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list