Jeremy Allison jra at
Fri Oct 19 17:14:30 GMT 2007

On Fri, Oct 19, 2007 at 05:29:24PM +0200, Volker Lendecke wrote:
> Hi, Jeremy!
> If I remember correctly, you at one point said that if
> SEC_DESC_DACL_AUTO_INHERIT_REQ is set during the
> set_security_descriptor call something magic happens with
> ACLs, namely that Windows copies the ACEs from the parent
> directories that are marked as inheritable are copied into
> the new security descriptor. I tried to reproduce this
> today, but I failed. Can you explain to me again what this
> actually does?

This is the condition to test :

                (psd->type & (SE_DESC_DACL_AUTO_INHERITED|
                         SE_DESC_DACL_AUTO_INHERIT_REQ) ) {

It needs both bits. If set, then the server must append the
parent inheritable ACE entries onto the ACL.


More information about the samba-technical mailing list