Did you get to the root of the problem ? David Eisner-2 wrote: > > On Thu, Feb 28, 2008 at 6:51 PM, David Eisner <[EMAIL PROTECTED]> wrote: > >> Permissions tab of the Advanced Security Settings dialog, whenever I >> uncheck the "Allow inheritable permissions from the parent to >> propagate to this object and all child objects" checkbox, and hit >> Apply, the checkbox always returns to the checked state immediately. >> It is never possible to get it into an unchecked state. Is this the >> expected behavior? > > > Just an update. I've been peering through the code trying to debug > this problem. Here's what I've learned so far: > > 1. The value represented by the "inheritable permissions" checkbox is > stored in the security descriptor's SE_DACL_PROTECTED control flag. > [1] In the Samba code, these flags are stored in the SEC_DESC > struct's "type" member. > > 2. set_nt_acl() (in smbd/posix_acls.c) is responsible for handling the > request to set the security descriptor on the file. Among other > things, it calls append_parent_acl(). This function is clobbering the > SE_DESC_DACL_PROTECTED bit in psd->type. It has the correct value > before the call, but it winds up getting cleared. > > 3. I see this comment inside append_parent_acl(): > > /* > * Note that we're ignoring "inherit permissions" here > * as that really only applies to newly created files. JRA. > */ > > Is this a bug? > > I'll take a look at what's in git and do some more research. > > -David > > [1] http://tinyurl.com/2pt7nh > > > -- > David Eisner http://cradle.brokenglass.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > >
-- View this message in context: http://www.nabble.com/Inheritable-Permissions-Issue-tp15748956p16618682.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
