smbcacls support for automatic inheritance propagation

David Disseldorp ddiss at
Fri Jan 31 03:42:14 MST 2014

Hi Noel,

On Fri, 31 Jan 2014 09:56:03 +0000, Noel Power wrote:

> Hi David
> On 30/01/14 17:20, David Disseldorp wrote:
> > On Thu, 30 Jan 2014 15:41:00 +0000, Noel Power wrote:
> >
> >> On 29/01/14 17:50, David Disseldorp wrote:
> [...]
> >>> - What happens in the following scenario:
> >>>   parent_dir
> >>> 	+---child_dir
> >>> 		+-----nested_file
> >>>   1) setacl(parent_dir, allow:ddiss:read, OI)
> >>>   2) setacl(child_dir, allow:noelp:write, OI)
> >>>   Does nested_file end up with both allow: ACEs, or would propagation
> >>>   during setacl(child_dir,...) remove the inherited allow:ddiss ACE?
> >> it would remove it (if set would work) but remember from above
> >> attempting to set is prohibited
> > Would it remain on --add, --modify and --delete?
> I'm not sure the example above is immediately transferable (with a
> useful result) but... it I see what you are getting at, I think the
> question you are really asking is,
> "are inherited attributes from the parent of the container the smbcalcs
> operation is applied to taken into account?" The answer is no. the

My question is, do inherited ACEs applied previously to a directory
tree remain when smbcacls --propagate-inheritence is invoked against the
same directory tree at a lower point. I'll run some tests with your
latest round of changes.

> result of the smbcacl operation (with '--propagate-inheritence') on the
> parent is the same[1] as when you issue smbcacls (without
> '--propagate-inheritence') The propagation result is applied 'after' to
> all children. So I think now the I actually meant to remove the '--set'
> error (sorry I am struggling to recall after the time that has passed).

Please post a new round of patches with what you have in mind here.

Cheers, David

More information about the samba-technical mailing list