ACL inheritance mess with win2k clients...

Jim McDonough jmcd at
Tue Oct 1 20:38:45 GMT 2002

Setting ACLs from an NT4 client, checking the box that says "reset
permission on child objects", everything seems to work fine.  I'm using
current SAMBA_2_2.

Using a 2k client, that same checkbox is named "reset permissions on all
child objects and enable propagation of inheritable permissions", and it
causes the following behavior:  for each file/dir in a tree, it propagates
the current permissions from parent to the child (so far so good), but it
does it from the deepest point up, so what we get is:

/a/b/c/d/e gets /a/b/c/d's current permissions
/a/b/c/d gets /a/b/c's current permissions
/a/b/c gets /a/b's current permissions
/a/b gets /a's current permissions
/a gets set as you said.

When 2k does this to NT, it all works ok.  the 2k client is explicitly
setting everything the way you want.  Something is telling him to do it
differently with us.  I first suspected ACL revisions, but I did eliminate
that pretty quickly (two lines of change).  Any ideas here?

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list