[cifs-protocol] [EXTERNAL] Re: MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)
obaidf at microsoft.com
Mon May 10 19:18:10 UTC 2021
I'll help you with this issue and will be in touch as soon as I have an answer.
Escalation Engineer | Microsoft
From: Ralph Boehme <slow at samba.org>
Sent: Monday, May 10, 2021 3:22 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Re: MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)
Am 5/10/21 um 9:33 AM schrieb Ralph Boehme via cifs-protocol:
> I've noticed that a wellknown behaviour with regards to ACL control
> flags semantics seems to be undocumented. At least, I couldn't find
> any reference that would explain the behaviour of a Windows SMB server.
> Fwiw, Samba implements the same behaviour since many many years.
> What I'm observing is that when setting an SD on a file or directory,
> the resulting value of the flag "DACL Auto-Inherited" (DI) depends on
> the values of both "DACL Auto-Inherited" (DI) and DACL Computed
> Inheritance Required (DC).
> Only if DI and DC are set in the client SD, the resulting SD will have DI.
oh, forgot to attach a network trace that shows this. Here, the set SD request has only DI set and as a result, DI is not set in the resulting SD.
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
More information about the cifs-protocol