Ralph Boehme
2024-Jan-31 10:53 UTC
[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
On 1/31/24 11:19, Rowland Penny via samba wrote:> When I logged into Windows and connected to a share that has > 'acl_xattr:ignore system acls = yes' set and right clicked on its icon > in Explorer and selected 'Properties', I found that 'EVERYONE' was > listed. I removed 'EVERYONE', clicked 'Apply' then 'OK', which > completed without error. 'EVERYONE' is no longer listed on Windows, but > if I go to the machine that holds the share and run 'samba-tool ntacl > get /srv/acl3 --as-sddl', I get this: > > O:S-1-22-1-0G:S-1-22-2-0D:AI(A;OICI;FA;;;S-1-22-1-0)(A;OICI;0x1200a9;;;DU)(A;OICI;0x1200a9;;;DU)(A;;FA;;;S-1-22-2-0)(A;;FA;;;S-1-22-2-0)(A;;FA;;;S-1-22-1-0)(A;;FA;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200a9;;;S-1-22-2-0)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD) > > 'WD' is Windows speak for 'EVERYONE'.looks like a bug or misconfiguration. -slow -- SerNet Samba Team Lead https://samba.plus/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ SerNet Samba Support, Consulting and Development -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20240131/db1db9c9/OpenPGP_signature.sig>
Rowland Penny
2024-Jan-31 11:02 UTC
[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
On Wed, 31 Jan 2024 11:53:44 +0100 Ralph Boehme <slow at samba.org> wrote:> On 1/31/24 11:19, Rowland Penny via samba wrote: > > When I logged into Windows and connected to a share that has > > 'acl_xattr:ignore system acls = yes' set and right clicked on its > > icon in Explorer and selected 'Properties', I found that 'EVERYONE' > > was listed. I removed 'EVERYONE', clicked 'Apply' then 'OK', which > > completed without error. 'EVERYONE' is no longer listed on Windows, > > but if I go to the machine that holds the share and run 'samba-tool > > ntacl get /srv/acl3 --as-sddl', I get this: > > > > O:S-1-22-1-0G:S-1-22-2-0D:AI(A;OICI;FA;;;S-1-22-1-0)(A;OICI;0x1200a9;;;DU)(A;OICI;0x1200a9;;;DU)(A;;FA;;;S-1-22-2-0)(A;;FA;;;S-1-22-2-0)(A;;FA;;;S-1-22-1-0)(A;;FA;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200a9;;;S-1-22-2-0)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD) > > > > 'WD' is Windows speak for 'EVERYONE'. > > looks like a bug or misconfiguration. > > -slow >smb.conf has these: [global] .......... vfs objects = acl_xattr map acl inherit = Yes .................. [acltest3] path = /srv/acl3 read only = no acl_xattr:ignore system acls = yes Which looks correct to myself, so a bug ? Rowland