miguel medalha
2021-Jul-26 22:05 UTC
[Samba] Is "acl_xattr:ignore system acl = yes" recommended?
>> When acl_xattr:ignore_system_acls is set to "yes", create mask >> parameter is set to 666 and directory mask parameter to 777. (...)> Yeah, that's exactly my are of concern.I have been using this setting because all my clients are Windows machines and nobody logs on directly to the Linux servers. File access becomes faster. But yes, those 666 and 777 leave me with a trace of discomfort... Since Samba has root access, wouldn't it be possible, when using acl_xattr:ignore_system_acls, to set permissions to 600/700 instead and let Samba do the translation and authorize access based only on what is stored in the "security.NTACL" extended attribute by acl_xattr?
miguel medalha
2021-Jul-26 22:11 UTC
[Samba] Is "acl_xattr:ignore system acl = yes" recommended?
> Since Samba has root access, wouldn't it be possible, when using acl_xattr:ignore_system_acls, > to set permissions to 600/700 instead and let Samba do the translation and authorize access based > only on what is stored in the "security.NTACL" extended attribute by acl_xattr?Or even 660/770 if owner and group were to be root:root. It's the "others" part that is problematic.