smbcacls support for automatic inheritance propagation
ddiss at suse.de
Fri Jan 31 03:42:14 MST 2014
On Fri, 31 Jan 2014 09:56:03 +0000, Noel Power wrote:
> Hi David
> On 30/01/14 17:20, David Disseldorp wrote:
> > On Thu, 30 Jan 2014 15:41:00 +0000, Noel Power wrote:
> >> On 29/01/14 17:50, David Disseldorp wrote:
> >>> - What happens in the following scenario:
> >>> parent_dir
> >>> +---child_dir
> >>> +-----nested_file
> >>> 1) setacl(parent_dir, allow:ddiss:read, OI)
> >>> 2) setacl(child_dir, allow:noelp:write, OI)
> >>> Does nested_file end up with both allow: ACEs, or would propagation
> >>> during setacl(child_dir,...) remove the inherited allow:ddiss ACE?
> >> it would remove it (if set would work) but remember from above
> >> attempting to set is prohibited
> > Would it remain on --add, --modify and --delete?
> I'm not sure the example above is immediately transferable (with a
> useful result) but... it I see what you are getting at, I think the
> question you are really asking is,
> "are inherited attributes from the parent of the container the smbcalcs
> operation is applied to taken into account?" The answer is no. the
My question is, do inherited ACEs applied previously to a directory
tree remain when smbcacls --propagate-inheritence is invoked against the
same directory tree at a lower point. I'll run some tests with your
latest round of changes.
> result of the smbcacl operation (with '--propagate-inheritence') on the
> parent is the same as when you issue smbcacls (without
> '--propagate-inheritence') The propagation result is applied 'after' to
> all children. So I think now the I actually meant to remove the '--set'
> error (sorry I am struggling to recall after the time that has passed).
Please post a new round of patches with what you have in mind here.
More information about the samba-technical