[cifs-protocol] MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)
Ralph Boehme
slow at samba.org
Mon May 10 08:22:14 UTC 2021
Am 5/10/21 um 9:33 AM schrieb Ralph Boehme via cifs-protocol:
> I've noticed that a wellknown behaviour with regards to ACL control
> flags semantics seems to be undocumented. At least, I couldn't find any
> reference that would explain the behaviour of a Windows SMB server.
>
> Fwiw, Samba implements the same behaviour since many many years.
>
> What I'm observing is that when setting an SD on a file or directory,
> the resulting value of the flag "DACL Auto-Inherited" (DI) depends on
> the values of both "DACL Auto-Inherited" (DI) and DACL Computed
> Inheritance Required (DC).
>
> Only if DI and DC are set in the client SD, the resulting SD will have DI.
oh, forgot to attach a network trace that shows this. Here, the set SD
request has only DI set and as a result, DI is not set in the resulting SD.
Cheers!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb2_set_sd_acl_flag_inherited.pcapng
Type: application/x-pcapng
Size: 7560 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20210510/85b8566b/smb2_set_sd_acl_flag_inherited.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20210510/85b8566b/OpenPGP_signature.sig>
More information about the cifs-protocol
mailing list