[Samba] user.SAMBA_PAI and ACL inheritance

S. J. van Harmelen sander.vanharmelen at isp.solcon.nl
Mon Aug 7 11:17:16 GMT 2006

I have just enabled user_xattr on the partition where my samba share is
on. Now when I use getfattr I see the extended attribute user.SAMBA_PAI
on my files. But ACL inheritance isn't taking place...

When I (from within Windows) click on Properties > Security > Advanced
an then enable "Allow inheritable permissions..." on a certain file,
then the attribute user.SAMBA_PAI disappears and the ACL rights are

Changing "map acl inheritance" between yes or no does not change this

Can someone enlighten me on how this should work (let files inherit
acls) an why this worked when the share was mounted without user_xattr?

I use samba 3.0.21b-1 by the way... and here is my smb.conf:

        security = ads
        password server = server01
        encrypt passwords = true
        workgroup = workgroup
        realm = DOMAIN.LOCAL
        netbios name = server02

        log file = /var/log/samba/samba.log
        log level = 2
        syslog = 0

#       ea support = yes
        nt acl support = yes
#       map acl inherit = yes

        change notify timeout = 5

        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind nested groups = yes
        winbind use default domain = yes

        comment = wwwroot
        path = /usr/home/ws.old/wws01
        read only = no
        browsable = yes
        writable = yes
        dos filemode = yes
        acl group control = yes
        veto oplock files = /*.mdb/*.MDB/
        create mask = 0770
        force create mode = 0440
        directory mask = 0771
        force directory mode = 0771
        security mask = 0777
        force security mode = 0440
        directory security mask = 0777
        force directory security mode = 0771

More information about the samba mailing list