[RndTbl] weird samba ACLs from MS Office
Adam Thompson
athompso at athompso.net
Fri Jan 6 20:56:58 CST 2023
I don't remember the exact method, but you want to remove ACL support completely - whether from the FS, Samba, or the share. Office will always do this - but it should be a "so what" moment.
IMHO you're focused on a band-aid for the symptom, not the problem. The problem is why does this seemingly-innocuous ACL cause problems? Possibly also why does Samba not translate that back into ordinary UNIX permissions, which in this case looks like fully reversible transform.
-Adam
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Roundtable <roundtable-bounces at muug.ca> on behalf of Trevor Cordes <trevor at tecnopolis.ca>
Sent: Friday, January 6, 2023 8:50:39 PM
To: MUUG RndTbl <roundtable at muug.ca>
Subject: [RndTbl] weird samba ACLs from MS Office
Have samba (4.16) sharing some linux drives to Windows. Want things
pretty simple where files on the share are all forced into certain user,
gorup, mode:
force create mode = 0660
force directory mode = 02770
force user = samba
Everything works great. The files get created like this:
-rw-rw---- 1 samba samba 0 Jan 4 01:01 test-file.txt
... With every app except MS Office. MS Office insists on making some
fubar ACL:
-rw-rwx---+ 1 samba samba 50510 Jan 4 01:13 test-excel.csv*
#getfacl test-excel.csv
# file: test-excel.csv
# owner: samba
# group: samba
user::rw-
user:samba:rw-
group::rw-
group:samba:rw-
mask::rwx
other::---
Looks like the same thing, eh? But that ACL screws up linus backups as it
is stopping a user who is in group samba from reading the file!!?!??
But I don't even want to solve that riddle (because they should be able to
read it), I just want to force samba to not let (or just ignore) Office
make an ACL in the first place. I don't want any files where ls says "+"
in the mode!
I swear this didn't use to happen. Might have been years ago, though.
All the samba ACL options seem to be to get "more" ACLs. I want less!
None!
But I don't want to mount the linux fs itself with ACLs off. I just want
to force samba to force Office to not be insane.
Anyone know the magic for this?
_______________________________________________
Roundtable mailing list
Roundtable at muug.ca
https://muug.ca/mailman/listinfo/roundtable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20230107/a5446ecd/attachment.htm>
More information about the Roundtable
mailing list