[Samba] windows acls

Peter Carlson peter at howudodat.com
Tue Dec 13 18:19:53 UTC 2022


I am seeing some weird problems with Windows ACLs.

At the share (public for all users) I have:

  * root (Unix User\root) : Full control
  * root (Unix Group\root) : Full control
  * Everyone : Full Control
  * CREATOR OWNER : Full Control
  * CREATOR GROUP : Read & execute
  * Everyone : Read & execute
  * Domain Users : Full Control

Inheritance is disabled (button in Computer Management\System Tools\Shared Folders\Shares shows "Enable Inheritance").

When I look at one of the folders in the share (mounted at P:\) I see:

  * S-1-5-21-185628584-2620904409-2800336372-1105 : Full Control :
    Inherited From P:\ : This folder only
  * CREATOR OWNER : Full Control : Inherited From P:\ : Subfolders and
    files only
  * Domain Admins : Read & execute : Inherited From P:\ : This folder only
  * CREATOR GROUP : Read & execute : Inherited From P:\ : Subfolders and
    files Only
  * Everyone : Read & execute : Inherited From P:\ : This folder,
    subfolders and files
  * Domain Users : Full control : Inherited From P:\ : This folder,
    subfolders and files

1) S-1-5-21-185628584-2620904409-2800336372-1105 - Should I delete 
this? It seems to be a broken permission from a previous config?

2) If inheritance is disabled, why do the folders in the share show 
"Inherited From P:\"?

3) I am a member of Domain Users and Domain Admins. I can see files in 
P:\ but I can't overwrite them or delete them. It seems to be using the 
permissions of Domain Admins (R+X) and not Domain Users (Full Control). Yes, 
I know the permissions seem backwards, which is another issue; however, 
shouldn't it allow me write access since I am also a member of Domain 
Users?

Thanks! Peter


