Ralph Boehme
2024-Jan-31 11:40 UTC
[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
On 1/31/24 12:02, Rowland Penny via samba wrote:> Which looks correct to myself, so a bug ?something to look into in more detail, ie logs and network traces. :) -slow -- SerNet Samba Team Lead https://samba.plus/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ SerNet Samba Support, Consulting and Development -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20240131/ed2b9caa/OpenPGP_signature.sig>
Peter Milesson
2024-Jan-31 14:01 UTC
[Samba] Behavior of acl_xattr:ignore system acls = yes on a share
Problem solved (I hope)! On 31.01.2024 12:40, Ralph Boehme via samba wrote:> On 1/31/24 12:02, Rowland Penny via samba wrote: >> Which looks correct to myself, so a bug ? > something to look into in more detail, ie logs and network traces. :) > > -slowHi folks, I added the following parameter to the share definition in smb.conf: acl_xattr:default acl style = windows Now the share definition is: [Migrtest] ??????? path = /data/migrtest ??????? read only = no ??????? acl_xattr:ignore system acls = yes ??????? acl_xattr:default acl style = windows What I do now is the following: * Create the folder for the share * Set ownership root:"Domain Admins" * Set permissions on the folder 0777 * Make sure the share is defined in smb.conf as above * smbcontrol smbd reload-config && smbcontrol winbind reload-config * Open Computer Management in Windows as a user with domain admin privileges * Connect to the Samba machine (not mentioning the quirky steps here...) * Click on the share that shows up and select Properties * Go to the Security tab * The security tab is blank at first, with information that you need read permissions to view the properties of this object. * Click Advanced * Change ownership to Domain Admins and mark Replace owner on subcontainers and objects (I don't know if this is necessary, at least it does not seem harmful) * A message pops up, that I do not have permissions to read the contents of directory bla, bla, bla. Click OK * Right click on the share and select refresh * Right click on the share again and select Properties * Go to the Security tab * Now, there should be one entry. * Add any security objects and permissions you want for the share * (I don't know if inheritance should be disabled, or not. Please advice if you have got useful information here). * Start using the share Seems to work well enough. Best regards, Peter
Possibly Parallel Threads
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share
- Behavior of acl_xattr:ignore system acls = yes on a share