different ACL behavior since 3.0.25

simo idra at samba.org
Thu Sep 13 16:31:26 GMT 2007


Since a use reported this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=283381

I am thinking if the current behavior is correct or if it could be
different (assuming we can avoid breaking apps).

The problem can be summarized like this:
even when "inherit acls" is set to "no" we keep inheriting ACLs from
Parent directories, not only on file creation, but at any file ACL
manipulation from a windows client.

It seem this behavior is now required by MS Excel and Jeremy coded it
up, but should we still inherit ACLs when "inherit acls" is turned off ?

Jeremy,
can you explain briefly what would happen if we deny inheriting ACLs in
the "inherit acls = no" ?
And how we deal when acls are simply not available on the file system?

It may just be a documentation problem, but this behavior is completely
unexpected and as we know "security" and "unexpected" is BAD, we should
at least prominently document this change if the current behavior is
deemed absolutely correct an unchangeable independently of "inherit
acls/inherit permissions/inherit owner" settings.

Thanks,
Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list