ACL inheritance mess with win2k clients...

Jim McDonough jmcd at
Wed Oct 2 23:35:00 GMT 2002

>> Using a 2k client, that same checkbox is named "reset permissions on all
>> child objects and enable propagation of inheritable permissions", and it
>> causes the following behavior:  for each file/dir in a tree, it
>> the current permissions from parent to the child (so far so good), but
>> does it from the deepest point up, so what we get is:
>> /a/b/c/d/e gets /a/b/c/d's current permissions
>> /a/b/c/d gets /a/b/c's current permissions
>> /a/b/c gets /a/b's current permissions
>> /a/b gets /a's current permissions
>> /a gets set as you said.
>> When 2k does this to NT, it all works ok.  the 2k client is explicitly
>> setting everything the way you want.  Something is telling him to do it
>> differently with us.  I first suspected ACL revisions, but I did
>> that pretty quickly (two lines of change).  Any ideas here?
>So when a W2K client does this to a NT server, what pattern of ACL
>set operations gets done ?
The same acl gets applied to all, so the same set is done in this order:

So they all end up with the same thing.  It still even tries to set the
auto-inherited bit.

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list