Provided by: samba-vfs-modules_4.17.7+dfsg-1ubuntu1_amd64 bug

NAME

       vfs_acl_xattr - Save NTFS-ACLs in Extended Attributes (EAs)

SYNOPSIS

       vfs objects = acl_xattr

DESCRIPTION

       This VFS module is part of the samba(7) suite.

       The vfs_acl_xattr VFS module stores NTFS Access Control Lists (ACLs) in Extended
       Attributes (EAs). This enables the full mapping of Windows ACLs on Samba servers.

       The ACLs are stored in the Extended Attribute security.NTACL of a file or directory. This
       Attribute is not listed by getfattr -d filename. To show the current value, the name of
       the EA must be specified (e.g.  getfattr -n security.NTACL filename).

       This module forces the following parameters:

              •   inherit acls = true

              •   dos filemode = true

              •   force unknown acl user = true

       This module is stackable.

OPTIONS

       acl_xattr:security_acl_name = NAME
           This option allows to redefine the default location for the NTACL extended attribute
           (xattr). If not set, NTACL xattrs are written to security.NTACL which is a protected
           location, which means the content of the security.NTACL attribute is not accessible
           from normal users outside of Samba. When this option is set to use a user-defined
           value, e.g. user.NTACL then any user can potentially access and overwrite this
           information. The module prevents access to this xattr over SMB, but the xattr may
           still be accessed by other means (eg local access, SSH, NFS). This option must only be
           used when this consequence is clearly understood and when specific precautions are
           taken to avoid compromising the ACL content.

       acl_xattr:ignore system acls = [yes|no]
           When set to yes, a best effort mapping from/to the POSIX ACL layer will not be done by
           this module. The default is no, which means that Samba keeps setting and evaluating
           both the system ACLs and the NT ACLs. This is better if you need your system ACLs be
           set for local or NFS file access, too. If you only access the data via Samba you might
           set this to yes to achieve better NT ACL compatibility.

           If acl_xattr:ignore system acls is set to yes, the following additional settings will
           be enforced:

                  •   create mask = 0666

                  •   directory mask = 0777

                  •   map archive = no

                  •   map hidden = no

                  •   map readonly = no

                  •   map system = no

                  •   store dos attributes = yes

       acl_xattr:default acl style = [posix|windows|everyone]
           This parameter determines the type of ACL that is synthesized in case a file or
           directory lacks an security.NTACL xattr.

           When set to posix, an ACL will be synthesized based on the POSIX mode permissions for
           user, group and others, with an additional ACE for NT Authority\SYSTEM will full
           rights.

           When set to windows, an ACL is synthesized the same way Windows does it, only
           including permissions for the owner and NT Authority\SYSTEM.

           When set to everyone, an ACL is synthesized giving full permissions to everyone
           (S-1-1-0).

           The default for this option is posix.

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba
       is now developed by the Samba Team as an Open Source project similar to the way the Linux
       kernel is developed.