Setting ACLs when creating files from Windows

Corinna Vinschen corinna at
Thu Aug 7 15:04:35 GMT 2008

On Aug  7 10:20, simo wrote:
> On Thu, 2008-08-07 at 15:32 +0200, Corinna Vinschen wrote:
> > Well, in theory I don't care if it's a network FS or a local FS.
> > Cygwin's open() code simply tries to create files with a SD which
> > contains the current user, its primary group and an Everyone ACE,
> > regardless of the underlying FS.  This works fine on local and remote
> > Windows filesystems, just not on Samba which needs the described
> Yes but what happens on the remote windows filesystem ?
> Do you just set an arbitrary SID there? This will work, but is probably
> not what your users want.

It's not an arbitrary SID, it's the SID of the current user on the
client machine...

> > workaround, and on NFS, which uses an entirely different mechanism, the
> > extended attributes approach.  It's not exactly Samba's fault, it's just
> > annoying that so many different code paths are required to get the same
> > result on different filesystems.  I had hoped for a simpler approach.
> You should probably treat a remote windows filesystem and samba the same
> way, unless your machines are in a domain and you are using domain users
> I think you are setting unwanted SIDs on the remote windows machine.

... but I start to see what you mean.  When not in a domain, the default
behaviour is to create the files on the remote machine as the remote
user the local user has authenticated as, while in a domain, the user
has authenticated as itself and files are created as that user.  The
workaround I created for Samba maintains this behaviour.  OTOH, using a SD
for the current user creates a new behaviour in that the file owner
is the user of the client machine when running in a non-domain env.


More information about the samba-technical mailing list