From: Felix Joussein <[email protected]>
Date: Mon, 16 May 2011 13:42:44 +0200

> I've observed the following misbehaviour, while playing around with nc
> acl's. (see relevant configuration below):
>
> Working with Windows XP:
>
> Open acl enabled share
> Set default share permissions by right click on the explorer's top left
> clip control -> properties.
> Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I
> already know, that these two default groups cause trouble while saving
> acl's and result in a Windows Error Message "Invalid Parameter". Also I
> set some default security settings for users and groups accordingly to
> my needs and I apply it to This Folder, and any sub folder or file.
>
> After applying to all new settings, I create a folder.
> As expected my default share security settings have been inherited to
> the new folder.
> I add an additional user to the acl and take care, that the inheritance
> is also "Folder, sub folder and file".
>
> I create a new sub folder to this one and check the acl.
> Here is the unwanted behavior: The new sub folder got user permissions
> from its parent folder, but unlike the default share permissions which
> have been inherited, the additional user's permissions have not been
> inherited but have been copied. When I set the option "Inherit
> permissions to sub elements as far as applicable", and apply, then a new
> acl entry is created with the same user but this time inherited. Now I
> can delete the copied settings, and apply to everything.
>
> I hope, these explanations were clear enough.
>
> Here now the configuration:
>
> Version: 3.5.8~dfsg-1ubuntu2.1
> smb.conf:
> [acl]
> comment = ACL Labor
> path = /home/acllabor
> vfs objects = acl_xattr
> read only = no
> browsable = yes
> valid users = me,you
> acl map full control = false
> inherit acls = yes
> map acl inherit = yes
> map read only = Permissions
> map archive = no
> map hidden = no
> map system = no
> nt acl support = yes
> acl group control = true
> dos filemode = yes
> enable privileges = yes
> store dos attributes = yes
>
> mount options:
> /dev/mapper/system-user on /home type ext4
> (rw,errors=remount-ro,acl,user_xattr,)

AFAIK, "map acl inherit = yes" does not work well:

https://bugzilla.samba.org/show_bug.cgi?id=6841

Also acl_xattr will not work as you expected, because even if you
enable acl_xattr, POSIX ACL semantics is still used in actual
access control and inheriting ACLs.

P.S.
"map read only" parameter is always ignored when
"store dos attributes = yes".

---
TAKAHASHI Motonobu <[email protected]>
