[Samba] ACLs and Windows 2000 look alike (inheritance of permissions)

Buchan Milne bgmilne at cae.co.za
Fri Apr 25 12:40:40 GMT 2003

Hash: SHA1

> Date: Thu, 24 Apr 2003 10:41:39 -0700
> From: "Tom Dickson" <tdickson at inostor.com>
> To: "samba mailing list" <samba at lists.samba.org>
> Subject: [Samba] ACLs and Windows 2000 look alike (inheritance of
> Message-ID: <JPECIMBMOFCBKIOOKHIOOEMJCAAA.tdickson at inostor.com>
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Precedence: list
> Message: 35
> I've gotten samba working with ACLs over an XFS filesystem. Everything
> pretty well with knowledge of the workarounds (cannot remove group
> etc.)
> The only major problem I have is that ACLs don't inherit correctly. The
> default in Windows 2000 is to have a sub folder inherit the permissions of
> the folder it is in on creation. By default, the Samba share's folders
> do this. Is there any way to make samba by default copy all the ACLs
when A
> folder is created? It does it if you manually check the "Allow inheritable
> permissions from parent to propagate to this object" box on the Security
> page of properties.
> If there is no way to do this in Samba (I'm using 2.2.5), can it be done
> with cacls.exe or some other item?

- From the man page for smb.conf (search for inherit with /inherit)

"inherit  acls  (S)  This parameter can be used to ensure that if
default acls exist on parent directories, they are  always  hon-
ored  when  creating a subdirectory.  The default behavior is to
use the mode specified when  creating  the  directory.  Enabling
this  option  sets  the  mode  to  0777,  thus guaranteeing that
default directory acls are propagated.

Default: inherit acls = no"

Note the (S) means this is a per-share option.


- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list