[Samba] Looking for a set of definitive answers (long)
David Eisner
deisner at gmail.com
Fri May 23 22:16:59 GMT 2008
On Fri, May 23, 2008 at 5:59 PM, Jeremy Allison <jra at samba.org> wrote:
> On Fri, May 23, 2008 at 04:30:57PM -0400, David Eisner wrote:
>> On Thu, May 22, 2008 at 4:59 AM, Chris Osicki
>> <osk at admin.swisscom-mobile.ch> wrote:
>> >>
>> >> - Permissions don't propigate through the filesystem.
>> >>
>> >
>> > With POSIX ACL's they do. Take a look at "default ACL", it defines permissions
>> > newly created files/directories inherits from their parent directory.
>>
>> With Windows 2000+ (I believe), the inheritance is dynamic: changes
>> higher up in the tree can affect the permissions of child objects even
>> after they are created. (See http://support.microsoft.com/kb/223441
>> for example).
>
> No, that's not how it works. It's how it's spec'ed, but
> the client actually runs down the tree doing the changes,
> not the server.
>
> So Samba would work the same way (ie. the Windows client will
> do the permissions change walk down the tree against
> a Samba server as it would against a Windows server).
>
> Jeremy.
I'll check again. There's a bug where the "Allow inheritable
permissions from the parent to propagate to this object and all child
objects." checkbox immediately rechecks itself when it is
unchecked[1]. It's been awhile, but when I looked at the code, it
seemed to be related to this issue, particularly with
smbd/posix_acls.c/append_parent_acl() clobbering the flag. Even when
I changed the code so that the value of the flag was preserved, smbd
(as you suggest) did not propagate the changes down the tree. That
is, unchecking the inheritance flag did not in fact result in the
inherited ACL entries being removed. Apparently the windows client
didn't do the recursive removal, either.
-David
[1] https://bugzilla.samba.org/show_bug.cgi?id=5052
--
David Eisner http://cradle.brokenglass.com
More information about the samba
mailing list