vfs_acl_tdb - Save NTFS-ACLs in a tdb file

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
       by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

Samba 4.22.3-Ubuntu-4.22.3+dfs                     07/21/2025                                     VFS_ACL_TDB(8)

       This VFS module is part of the samba(7) suite.

       The vfs_acl_tdb VFS module stores NTFS Access Control Lists (ACLs) in a tdb file. This enables the full
       mapping of Windows ACLs on Samba servers.

       The ACL settings are stored in $LOCKDIR/file_ntacls.tdb.

       This module forces the following parameters:

              •   inherit acls = true

              •   dos filemode = true

              •   force unknown acl user = true

       This module is stackable.

       vfs_acl_tdb - Save NTFS-ACLs in a tdb file

       acl_tdb:ignore system acls = [yes|no]
           When set to yes, a best effort mapping from/to the POSIX ACL layer will not be done by this module.
           The default is no, which means that Samba keeps setting and evaluating both the system ACLs and the
           NT ACLs. This is better if you need your system ACLs be set for local or NFS file access, too. If you
           only access the data via Samba you might set this to yes to achieve better NT ACL compatibility.

           If acl_tdb:ignoresystemacls is set to yes, the following additional settings will be enforced:

                  •   create mask = 0666

                  •   directory mask = 0777

                  •   map archive = no

                  •   map hidden = no

                  •   map readonly = no

                  •   map system = no

                  •   store dos attributes = yes

       acl_tdb:default acl style = [posix|windows|everyone]
           This parameter determines the type of ACL that is synthesized in case a file or directory lacks an
           security.NTACL xattr.

           When set to posix, an ACL will be synthesized based on the POSIX mode permissions for user, group and
           others, with an additional ACE for NTAuthority\SYSTEM will full rights.

           When set to windows, an ACL is synthesized the same way Windows does it, only including permissions
           for the owner and NTAuthority\SYSTEM.

           When set to everyone, an ACL is synthesized giving full permissions to everyone (S-1-1-0).

           The default for this option is posix.

       vfs objects = acl_tdb