[Samba] Default Posix ACLs are ignored when copying files between two directories using Windows (XP)

Jeffrey M. Lewis jeffrey.lewis at sri.com
Fri Apr 7 23:50:53 GMT 2006

Hi Fabio,

I'm seeing this exact same behavior on my Samba server.  For what it's
worth, I also see this same behavior with shares/folders on a Windows NT
system.  It seems Samba/Linux and Windows NT behave the same in this regard.

One thing you can do is tell your users to "copy" files from directory A to
directory B, then delete the original files from directory A.  It's
annoyingly inconvenient, (and inefficient) but it works.

I've taken to running the following command from my Samba server whenever my
users "move" files between directories with different ACLs,

	cd /path/to/directoryB
	getfacl . | setfacl -R --set-file=- *

Another thing you can do is put directory A and directory B on different
filesystems.  This will cause ext3 (or whatever) to actually create new
inodes for each file and set the permissions appropriately.  (This isn't an
option in my environment, but might be for you.)

Let me know if you find a more elegant solution!



> -----Original Message-----
> From: samba-bounces+jeffrey.lewis=sri.com at lists.samba.org 
> [mailto:samba-bounces+jeffrey.lewis=sri.com at lists.samba.org] 
> On Behalf Of Fabio Muzzi
> Sent: Friday, March 31, 2006 3:45 AM
> To: samba at lists.samba.org
> Subject: [Samba] Default Posix ACLs are ignored when copying 
> files between two directories using Windows (XP)
> I have tried to read the documentation, but I was not able to 
> find a clear
> solution  to my problem. I run Samba 3.0.14a on a Debian 
> system with Posix
> ACLs.
> I  have  a  share  on  a  file system that uses Posix ACLs, 
> and I have two
> directories in that share. Both directories have default ACLs 
> set, so that
> every  new  file  (or  directory) created under each 
> directory (by Windows
> XP/2000 clients) gets default permissions correctly.
> Now,  when  a  user  that  has "rwx" permissions on both 
> directories tries
> (from a WinXP box) to move a subtree from from directory A to 
> directory B,
> the  moved  tree  (files and directories) keeps all of the 
> the ACLs (Posix
> and also standard user/group/other) and file ownership (user 
> and group) it
> had when it was under directory A, ignoring completely the 
> defaults set in
> directory B.
> This makes the moved subtree unreadable to users of directory 
> B, which are
> not allowed to open files from directory A.
> Is  there some solution to this issue? Maybe I need to set 
> "inherit acls =
> yes"?
> I basically want ACLs to be ALWAYS the default ones, as set 
> on the topmost
> directory, nothing more and nothing less.
> Thanks for your help.
> -- 
>   Fabio "Kurgan" Muzzi
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list