<para>
Note that the SMB protocol allows setting attributes whose value is 64K bytes long,
and that on NTFS, the maximum storage space for extended attributes per file is 64K.
- On most UNIX systems (Solaris and ZFS file system being the exception), the limits
- are much lower - typically 4K. Worse, the same 4K space is often used to store
- system metadata such as POSIX ACLs, or Samba's NT ACLs. Giving clients
- access to this tight space via extended attribute support could consume all
- of it by unsuspecting client applications, which would prevent changing
- system metadata due to lack of space.
+ On some filesystem the limits may be lower. Filesystems with too limited EA
+ space may experience unexpected weird effects.
+
The default has changed to yes in Samba release 4.9.0 and above to allow better Windows
fileserver compatibility in a default install.
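Review bot: the two added sentences ("On some filesystem the limits may be lower. Filesystems with too limited EA space may experience unexpected weird effects.") drop the concrete failure mode that the removed lines described, namely that the EA space is often shared with POSIX ACLs or Samba's NT ACLs and that client applications can fill it, which then prevents changing system metadata. The unchanged context states that the default is yes from 4.9.0 onward, so administrators reading this need that risk named rather than "unexpected weird effects". I would keep one sentence that says EA space may be shared with ACL storage and that exhausting it can make ACL changes fail. Also, "On some filesystem" should be "On some filesystems".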
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected'
- access control entry flags stored in Windows ACLs into an extended attribute
- called user.SAMBA_PAI (POSIX ACL Inheritance). This parameter requires
- supports for extended attributes on the filesystem and
- allows the Windows ACL editor to store inheritance information while
- NT ACLs are mapped best-effort to the POSIX ACLs.
+ <para>This boolean parameter is only relevant for systems that do not support
+ standardized NFS4 ACLs but only a POSIX draft implementation of ACLs. Linux
+ is the only common UNIX system which does still not offer standardized NFS4
+ ACLs actually. On such systems this parameter controls whether
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'protected'
+ (don't inherit) flags of the Windows ACLs into an extended attribute called
+ user.SAMBA_PAI (POSIX draft ACL Inheritance). This parameter requires
+ support for extended attributes on the filesystem and allows the Windows
+ ACL editor to store (non-)inheritance information while NT ACLs are mapped
+ best-effort to the POSIX draft ACLs that the OS and filesystem implements.
</para>
</description>
<value type="default">no</value>
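Review bot: the added description names only the 'protected' (don't inherit) flags as mapped into user.SAMBA_PAI, where the removed text listed both the 'inherit' and 'protected' access control entry flags. If that narrowing is intentional, the change description should say why, because the same paragraph still speaks of storing "(non-)inheritance information". On wording, "which does still not offer standardized NFS4 ACLs actually" reads better as "that still does not offer standardized NFS4 ACLs", and "that the OS and filesystem implements" should be "implement".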
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter can be used to ensure that if default acls
+ <para>This parameter is only relevant for filesystems that
+ do not support standardized NFS4 ACLs but only a POSIX draft ACL
+ implementation and which implements default ACLs like most filesystems
+ on Linux. It can be used to ensure that if default ACLs
exist on parent directories, they are always honored when creating a
new file or subdirectory in these parent directories. The default
behavior is to use the unix mode specified when creating the directory.
Enabling this option sets the unix mode to 0777, thus guaranteeing that
- default directory acls are propagated.
+ the default directory ACLs are propagated.
Note that using the VFS modules acl_xattr or acl_tdb which store native
Windows as meta-data will automatically turn this option on for any
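Review bot: the added opening sentence has a number mismatch in "filesystems that do not support ... and which implements default ACLs like most filesystems on Linux". Something like "and that implement default ACLs, as most filesystems on Linux do" would fix it and also remove the ambiguity of "like". Since this paragraph is being reworked anyway, the unchanged context "store native Windows as meta-data" appears to be missing a noun after "Windows" and could be corrected in the same change.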