samba-in-kubernetes / sambacc

A library and CLI tools for managing Samba servers in containers.
GNU General Public License v3.0

Support NTACLs (vfs_acl_xattr) in containerized smbd. Currently, acl_xattr requires CAP_SYS_ADMIN which is undesirable. #10

Open gd opened 3 years ago

gd commented 3 years ago

Preliminary work has been started to make the xattr attribute name configurable: https://gitlab.com/samba-team/samba/-/merge_requests/1908

gd commented 3 years ago

Current patch has been deferred (Ralph wants to use a real, not a parametric, option for performance reasons)

gd commented 2 years ago

New merge request (in favor of old one): https://gitlab.com/samba-team/samba/-/merge_requests/2557

anoopcs9 commented 2 years ago

Now that required changes are in master, let's decide on an xattr name for storing NTACLs using the newly added option acl_xattr:security_acl_name.

@gd @phlogistonjohn @spuiuk

phlogistonjohn commented 2 years ago

Sure. I propose user.ntacl

anoopcs9 commented 1 year ago

Relevant section from upcoming 4.18 Samba release:

New option to change the NT ACL default location
------------------------------------------------

Usually the NT ACLs are stored in the security.NTACL extended
attribute (xattr) of files and directories. The new
"acl_xattr:security_acl_name" option allows redefining the default
location. The default "security.NTACL" is a protected location, which
means the content of the security.NTACL attribute is not accessible
to normal users outside of Samba. When this option is set to use a
user-defined value, e.g. user.NTACL, then any user can potentially
access and overwrite this information. The module prevents access to
this xattr over SMB, but the xattr may still be accessed by other
means (e.g. local access, SSH, NFS). This option must only be used when
this consequence is clearly understood and when specific precautions
are taken to avoid compromising the ACL content.

@spuiuk @phlogistonjohn Please vote for our preferred xattr name.
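The release note above says a user.* xattr is reachable by any local user who can reach the file, so the precaution it asks for is checking who can read or write the files that carry the ACL. The following audit is an added example, not code from sambacc or Samba; it assumes the name user.NTACL is what acl_xattr:security_acl_name ends up set to, and relies on the Linux rule that access to user.* xattrs follows the file's own read/write permission bits.

```python
import os
import stat
import sys

# Assumption: the xattr name configured via acl_xattr:security_acl_name.
ACL_XATTR = "user.NTACL"


def exposure(mode, xattr_names, acl_xattr=ACL_XATTR):
    """Classify how the ACL xattr on one file is exposed to other local users.

    For the user.* namespace, Linux grants getxattr to anyone with read
    permission on the file and setxattr to anyone with write permission, so
    group/other mode bits decide whether non-owners can read or overwrite
    the stored NT ACL. security.* names need CAP_SYS_ADMIN and are not
    flagged. Returns a list drawn from ["readable", "writable"].
    """
    if acl_xattr not in xattr_names or not acl_xattr.startswith("user."):
        return []
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable")
    return problems


def audit_tree(root, acl_xattr=ACL_XATTR):
    """Walk a share's directory tree and map each exposed path to its problems."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                names = os.listxattr(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable entry or filesystem without xattrs
            problems = exposure(st.st_mode, names, acl_xattr)
            if problems:
                findings[path] = problems
    return findings


if __name__ == "__main__":
    # Usage: python audit_ntacl.py /path/to/share/root
    for path, problems in sorted(audit_tree(sys.argv[1]).items()):
        print(f"{path}: NT ACL xattr {', '.join(problems)} by other local users")
```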

anoopcs9 commented 1 year ago

> Sure. I propose user.ntacl

user.NTACL 😜