[Samba] 3.2.4 ACL inheritance trouble

Peter Rindfuss rindfuss at wzb.eu
Tue Nov 4 15:23:03 GMT 2008

On 2008-11-04 14:59, Jeremy Allison wrote:
> On Tue, Nov 04, 2008 at 02:16:24PM +0100, Peter Rindfuss wrote:
>> Hi,
>> Since 3.2.4 (maybe earlier, but I doubt it), one important feature does  
>> not work anymore for me:
>> I cannot break ACL inheritance anymore in the Windows ACL editor. With  
>> previous Samba versions, I entered the "Advanced" dialog of the Windows  
>> ACL editor and unchecked the flag "Inherit from parent the permission  
>> entries that apply to child objects. Include these with entries  
>> explicitly defined here". Afterwards, I could remove or change ACLs as  
>> needed. If I do this now, ACLs that exist on the next higher directory  
>> level re-appear after having deleted them.
>> Are there changed configuration options or am I missing something else here?
>> Breaking inheritance is very important in our system as we often need to  
>> restrict access to subdirectories.
>> At the moment, I can only try to modify ACLs on the Linux level in order  
>> to get the desired behavior.
> Can you help me determine when this behavior changed ?
> 3.2.3 has a small change here that might affect this,
> but I'd be very interested to know if this was in 3.2.0,
> 3.2.1 or 3.2.3 (when it was introduced).
> I'm travelling at the moment with no access to
> Windows VM's to test this with, so if you need me
> to reproduce it'll have to wait until next monday
> (US Pacific time).

Sorry, not possible. 3.2.x was introduced here when upgrading from Suse 
10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when 
we went to production use, we already had installed 3.2.4. That was 2 
weeks ago.
The "(maybe earlier, but I doubt it)" in my original post makes no sense 
  as we did not test it with any earlier version than 3.2.4.

I found some possibly discussion at 

Best, Peter Rindfuss

More information about the samba mailing list