[Samba] Is ACL+extended attributes exclusive with mask/mode family options?

TAKAHASHI Motonobu monyo at monyo.com
Wed Dec 29 04:06:21 MST 2010

2010/12/29 David Roid <dataroid at gmail.com>:
> Further experiment reveals that if "vfs objects" is removed then "create
> mask" works. I know vfs_acl_xattr is needed to keep windows ACL here ( I
> suppose it's step1 ), but why doesn't it honor mask options ( step2 and
> step3 )? Or settings in the share above are just not supposed to work
> together?

vfs_acl_xattr sets "inherit acls = yes" automatically.

"inherit acls = yes" makes permission of files newly created inherited
from the default acls of their parent directory regardless of create mask or
such kind of parameters.

> ... the final permission is caculated by below filters in the order used by
> Samba:
> 1. Apply any DOS attribute mapping options              << I take this as
> either map DOS attributes to execute bits, or store DOS attributes in
> extended attributes. Correct?
> 2. Apply the create mask settings
> 3. Apply the force create mode settings.

If neither "inherit acls" nor "inherit permissions" is set, you are right.

TAKAHASHI Motonobu <monyo at samba.gr.jp>

More information about the samba mailing list