[cifs-protocol] MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)

Ralph Boehme slow at samba.org
Mon May 10 08:22:14 UTC 2021

Am 5/10/21 um 9:33 AM schrieb Ralph Boehme via cifs-protocol:
> I've noticed that a wellknown behaviour with regards to ACL control 
> flags semantics seems to be undocumented. At least, I couldn't find any 
> reference that would explain the behaviour of a Windows SMB server.
> Fwiw, Samba implements the same behaviour since many many years.
> What I'm observing is that when setting an SD on a file or directory, 
> the resulting value of the flag "DACL Auto-Inherited" (DI) depends on 
> the values of both "DACL Auto-Inherited" (DI) and DACL Computed
> Inheritance Required (DC).
> Only if DI and DC are set in the client SD, the resulting SD will have DI.

oh, forgot to attach a network trace that shows this. Here, the set SD 
request has only DI set and as a result, DI is not set in the resulting SD.


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb2_set_sd_acl_flag_inherited.pcapng
Type: application/x-pcapng
Size: 7560 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20210510/85b8566b/smb2_set_sd_acl_flag_inherited.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20210510/85b8566b/OpenPGP_signature.sig>

More information about the cifs-protocol mailing list