Re: [Samba] Skip ACL checks
- Date: Mon, 20 Mar 2017 10:57:02 +0100
- From: Christoph Kleineweber via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Skip ACL checks
On Fri, Mar 17, 2017 at 1:54 PM, Volker Lendecke <vl@xxxxxxxxx> wrote:
> On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote:
> > I am wondering if there is a way to bypass Samba's ACL checks and
> > access control completely to the underlying file system.
> > My problem arises from the following scenario: Our file system implements
> > ACLs that are to the best of my knowledge currently not readable by any
> > the existing VFS modules. When trying to access a file with an ACL going
> > beyond the file's POSIX mode, access is denied by Samba. I guess this is
> > caused by an mechanism to derive an NT ACL from the mode. Is there any
> > possibility to skip Samba's permission checks?
> Not really anymore. What you could do is provide a vfs module that
> returns a "Everyone is allowed everything" ACL in the get_nt_acl call.
> It would of course be much better to get a proper mapping. What do
> your ACLs look like?
Thanks for clarifying. We use NFSv4 compliant ACLs that can be accessed via
I found the existing NFSv4 ACL VFS module in Samba (nfs4acl_xattr), which
seems to be build on a different implementation. The referenced website (
http://www.suse.de/~agruen/nfs4acl/) does not exist anymore and the xattr
to access ACLs is different (system.nfs4acl for nfs4acl_xattr and
system.nfs4_acl for nfs4-acl-tools). Is this a known issue?
Quobyte GmbH, Berlin, AG Charlottenburg HRB 149012 B, Jan Stender, Felix
Hupfeld, Bjoern Kolbeck
To unsubscribe from this list go to the following URL and read the