[Samba] Is ACL+extended attributes exclusive with mask/mode family options?
David Roid
dataroid at gmail.com
Wed Dec 29 04:14:22 MST 2010
Thanks for the clarification.
2010/12/29 TAKAHASHI Motonobu <monyo at monyo.com>
> 2010/12/29 David Roid <dataroid at gmail.com>:
> > Further experiment reveals that if "vfs objects" is removed then "create
> > mask" works. I know vfs_acl_xattr is needed to keep windows ACL here ( I
> > suppose it's step1 ), but why doesn't it honor mask options ( step2 and
> > step3 )? Or settings in the share above are just not supposed to work
> > together?
>
> vfs_acl_xattr sets "inherit acls = yes" automatically.
>
> "inherit acls = yes" makes permission of files newly created inherited
> from the default acls of their parent directory regardless of create mask
> or
> such kind of parameters.
>
> > ... the final permission is caculated by below filters in the order used
> by
> > Samba:
> > 1. Apply any DOS attribute mapping options << I take this as
> > either map DOS attributes to execute bits, or store DOS attributes in
> > extended attributes. Correct?
> > 2. Apply the create mask settings
> > 3. Apply the force create mode settings.
>
> If neither "inherit acls" nor "inherit permissions" is set, you are right.
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
>
More information about the samba
mailing list