ACL inheritance mess with win2k clients...

jra at jra at
Wed Oct 2 22:28:00 GMT 2002

On Tue, Oct 01, 2002 at 04:36:18PM -0400, Jim McDonough wrote:
> Setting ACLs from an NT4 client, checking the box that says "reset
> permission on child objects", everything seems to work fine.  I'm using
> current SAMBA_2_2.
> Using a 2k client, that same checkbox is named "reset permissions on all
> child objects and enable propagation of inheritable permissions", and it
> causes the following behavior:  for each file/dir in a tree, it propagates
> the current permissions from parent to the child (so far so good), but it
> does it from the deepest point up, so what we get is:
> /a/b/c/d/e gets /a/b/c/d's current permissions
> /a/b/c/d gets /a/b/c's current permissions
> /a/b/c gets /a/b's current permissions
> /a/b gets /a's current permissions
> /a gets set as you said.
> When 2k does this to NT, it all works ok.  the 2k client is explicitly
> setting everything the way you want.  Something is telling him to do it
> differently with us.  I first suspected ACL revisions, but I did eliminate
> that pretty quickly (two lines of change).  Any ideas here?

So when a W2K client does this to a NT server, what pattern of ACL
set operations gets done ?


More information about the samba-technical mailing list