[cifs-protocol] [EXTERNAL] Re: MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)

Obaid Farooqi obaidf at microsoft.com
Mon May 10 19:18:10 UTC 2021

Hi Ralph:
I'll help you with this issue and will be in touch as soon as I have an answer.

Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Ralph Boehme <slow at samba.org> 
Sent: Monday, May 10, 2021 3:22 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Re: MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)

Am 5/10/21 um 9:33 AM schrieb Ralph Boehme via cifs-protocol:
> I've noticed that a wellknown behaviour with regards to ACL control 
> flags semantics seems to be undocumented. At least, I couldn't find 
> any reference that would explain the behaviour of a Windows SMB server.
> Fwiw, Samba implements the same behaviour since many many years.
> What I'm observing is that when setting an SD on a file or directory, 
> the resulting value of the flag "DACL Auto-Inherited" (DI) depends on 
> the values of both "DACL Auto-Inherited" (DI) and DACL Computed 
> Inheritance Required (DC).
> Only if DI and DC are set in the client SD, the resulting SD will have DI.

oh, forgot to attach a network trace that shows this. Here, the set SD request has only DI set and as a result, DI is not set in the resulting SD.


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

More information about the cifs-protocol mailing list