Looks like we do not have self-tests for smbcacls

Uri Simchoni uri at samba.org
Thu Aug 3 19:46:40 UTC 2017

On 08/03/2017 04:09 PM, Noel Power wrote:
> Hi Uri
> On 03/08/17 12:53, Uri Simchoni wrote:
>> 4. In the docs, there's a modification saying the flags serve smbcacls -
>> well they serve the SMB server too when creating new files and folders
>> (I think they are an artifact of the NTFS file system, and Samba
>> emulates that behavior).
> Not sure what modification you mean, can you elaborate

Sorry for not being specific enough. I was referring to patch 3/4:

> @@ -229,18 +234,22 @@ ACL:<sid or name>:<type>/<flags>/<mask>
>         determine the type of access granted to the SID. </para>
>         <para>The type can be either ALLOWED or DENIED to allow/deny access
> -       to the SID. The flags values are generally zero for file ACEs and
> -       either 9 or 2 for directory ACEs.  Some common flags are: </para>
> +       to the SID.</para>
> +
> +       <para>The flags field defines how the ACE should be considered when
> +       performing inheritance. <command>smbcacls</command> uses these flags
> +       when run with <parameter>--propagate-inheritance</parameter>.</para>

Everything written about the flags is true, and the previous text is
admittedly bad. However, IMHO, we should add the role those flags play
when later creating new files, not only when modifying an ACL. When
settings the ACL of an empty dir via smbcacls, one should carefully
consider the flags, even though there's nothing to propagate.


More information about the samba-technical mailing list