thr3ads.net - samba - [Samba] acl_xattr does not apply to the root shared folder [Jan 2023]

If this information is useful, please help other people find it:
Share via:

Павел Маринин

2023-Jan-02 17:25 UTC

[Samba] acl_xattr does not apply to the root shared folder

Hello!
I have configured the file server using acl_xattr.
I used the instructions
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
My config contains the following settings:
[global]
.
.
.
vfs objects = acl_xattr
map acl inherit = yes
acl_xattr:ignore system cls = yes
?
[tmpdir]
path = /srv/samba/tmpdir
read-only = none
?
1. I have the following problem: acl_xattr only apply to subfolders in
"/srv/samba/tmpdir" and do not apply to the folder /srv/samba/tmpdir.
Is this correct?
2. When I add the parameter "acl_xattr: ignore system settings = yes"
to the config, only UNIX ACL?begin to apply to the folder
"/srv/samba/tmpdir", i.e. only the owner and the group. Is this
correct?
?
----------------------------------------------------------------------
samba version 4.13.13-Debian
--
Pavel

Rowland Penny

2023-Jan-02 19:35 UTC

head link

[Samba] acl_xattr does not apply to the root shared folder

On 02/01/2023 17:25, ????? ??????? via samba wrote:> 
> Hello!
> I have configured the file server using acl_xattr.
> I used the instructions
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> My config contains the following settings:
> [global]
> .
> .
> .
> vfs objects = acl_xattr
> map acl inherit = yes
> acl_xattr:ignore system cls = yes
>   
> [tmpdir]
> path = /srv/samba/tmpdir
> read-only = none
Where did you get 'none' from ? It should be 'no' or yes or true
or false.
>   
> 1. I have the following problem: acl_xattr only apply to subfolders in
"/srv/samba/tmpdir" and do not apply to the folder /srv/samba/tmpdir.
Is this correct?
Yes
> 2. When I add the parameter "acl_xattr: ignore system settings =
yes" to the config, only UNIX ACL?begin to apply to the folder
"/srv/samba/tmpdir", i.e. only the owner and the group. Is this
correct?
Well, yes and no :-D

Yes, if you have that line, the Unix acls are ignored by Samba when 
setting the EA's. No, anyone connecting via Samba will get the ACL's set
in the EA's (the permissions set from Windows), but anyone connecting 
locally will get the permissions set locally (ugo). It basically boils 
down to (and this is Samba best practice) not connecting locally if 
using Samba. just connect to the share.

Rowland

samba - Jan 2023 - acl_xattr does not apply to the root shared folder

[Samba] acl_xattr does not apply to the root shared folder

[Samba] acl_xattr does not apply to the root shared folder