[Samba] Skip ACL checks
- Date: Mon, 20 Mar 2017 15:28:38 +0100
- From: Christoph Kleineweber via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Skip ACL checks
> > > > I am wondering if there is a way to bypass Samba's ACL checks and
> > > delegate
> > > > access control completely to the underlying file system.
> > > >
> > > > My problem arises from the following scenario: Our file system
> > > > ACLs that are to the best of my knowledge currently not readable by
> > > of
> > > > the existing VFS modules. When trying to access a file with an ACL
> > > > beyond the file's POSIX mode, access is denied by Samba. I guess
> this is
> > > > caused by an mechanism to derive an NT ACL from the mode. Is there
> > > > possibility to skip Samba's permission checks?
> > >
> > > Not really anymore. What you could do is provide a vfs module that
> > > returns a "Everyone is allowed everything" ACL in the get_nt_acl call.
> > > It would of course be much better to get a proper mapping. What do
> > > your ACLs look like?
> > >
> > Thanks for clarifying. We use NFSv4 compliant ACLs that can be accessed
> > the nfs4-acl-tools.
> So the only supported way to retrieve ACLs is by running a separate
The nfs4-acl-tools make also use of xattrs to access ACLs. The ACL itself
is XDR encoded, so access could be done directly by a VFS module and does
not require the executable.
Quobyte GmbH, Berlin, AG Charlottenburg HRB 149012 B, Jan Stender, Felix
Hupfeld, Bjoern Kolbeck
To unsubscribe from this list go to the following URL and read the