Am Dienstag, 16. September 2008 schrieb vishesh:
> Thanks Nagel
>
> That means
> "inherit permission" and "inherit acl" parameter should be used only
> when default acl not present on parent directory.
>
No, if you want to be sure that permissions are inhereted properly, you need
both, default permissions and "inherit permissions/acl". If "inherit
permissions/acl" is missing, the default acl are inherited but may be they are
modified. The man page reads:
inherit acls (S)
This parameter can be used to ensure that if default acls exist on
parent directories, they are always honored when creating a new file or
subdirectory in these
parent directories. The default behavior is to use the unix mode
specified when creating the directory. Enabling this option sets the unix mode
to 0777, thus
guaranteeing that default directory acls are propagated.
The important point is, that the unix mode is set to 0777, if "inherit acl =
yes" is set. Otherwise the unix mode, that is active for the user context Samba
is running in, will be taken. I will give an example to make things clear.
Imagine you have a directory with the following acls:
default:mask::rwx
default:user::rwx
default:user:my_account:r-x
and the effective user mode is not 0777 but 0666 and "inherit acl" is set to
"no". In this case the new file gets the following acls
default:mask::rw-
default:user::rw-
default:user:my_account:r--
Please recognize the missing executive bit. The acl of the new object is the
logical AND operation of the default acl and the effective unix mode. The acl
are inherited anyway, no matter what "inherit acl" says. But the result might
be different from what you expect.
Matthias Nagel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
