[Samba] nt acl inheritance

Mon, 16 May 2011 04:49:39 -0700 

Hello List,
I've observed the following missbehaivoure, while playing around with nc acl's. (see relevant configuration below): 

Working with Windows XP:

Open acl enabled share

Set default share permissions by right click on the explorer's top left 
clip control -> properties.
Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I 
already know, that these two default groups cause trouble while saving 
acl's and result in a Windows Error Message "Invalid Parameter". Also I 
set some default security settings for users and groups accordingly to 
my needs and I apply it to This Folder, and any sub folder or file.


After applying to all new settings, I create a folder.

As expected my default share security settings have been inherited to 
the new folder.
I add an additional user to the acl and take care, that the inheritance 
is also "Folder, sub folder and file".


I create a new sub folder to this one and check the acl.

Here is the unwanted behavior: The new sub folder got user permissions 
from it's parent folder, but unlike the default share permissions which 
have been inherited, the additional user's permissions have not been 
inherited but have been copied. When I set the option "Inherit 
permissions to sub elements as far as applicable", and apply, then a new 
acl entry is created with the same user but this time inherited. Now I 
can delete the copied settings, and apply to everything.


I hope, these explanations where clear enough.

Here now the configuration:

Version: 3.5.8~dfsg-1ubuntu2.1
smb.conf:
[acl]
        comment = ACL Labor
        path = /home/acllabor
        vfs objects = acl_xattr
        read only = no
        browsable = yes
        valid users = me,you
        acl map full control = false
        inherit acls = yes
        map acl inherit = yes
        map read only = Permissions
        map archive = no
        map hidden = no
        map system = no
        nt acl support = yes
        acl group control = true
        dos filemode = yes
        enable privileges = yes
        store dos attributes = yes

mount options:

/dev/mapper/system-user on /home type ext4 
(rw,errors=remount-ro,acl,user_xattr,)



any help appreciated!

Felix


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to