[Samba] 3.2.4 ACL inheritance trouble
Jeremy Allison
jra at samba.org
Tue Nov 4 13:59:06 GMT 2008
On Tue, Nov 04, 2008 at 02:16:24PM +0100, Peter Rindfuss wrote:
> Hi,
>
> Since 3.2.4 (maybe earlier, but I doubt it), one important feature does
> not work anymore for me:
>
> I cannot break ACL inheritance anymore in the Windows ACL editor. With
> previous Samba versions, I entered the "Advanced" dialog of the Windows
> ACL editor and unchecked the flag "Inherit from parent the permission
> entries that apply to child objects. Include these with entries
> explicitly defined here". Afterwards, I could remove or change ACLs as
> needed. If I do this now, ACLs that exist on the next higher directory
> level re-appear after having deleted them.
>
> Are there changed configuration options or am I missing something else here?
>
> Breaking inheritance is very important in our system as we often need to
> restrict access to subdirectories.
>
> At the moment, I can only try to modify ACLs on the Linux level in order
> to get the desired behavior.
Can you help me determine when this behavior changed ?
3.2.3 has a small change here that might affect this,
but I'd be very interested to know if this was in 3.2.0,
3.2.1 or 3.2.3 (when it was introduced).
I'm travelling at the moment with no access to
Windows VM's to test this with, so if you need me
to reproduce it'll have to wait until next monday
(US Pacific time).
Jeremy.
More information about the samba
mailing list