[Samba] Replicating Windows Inheritance
John Kristensen
John.Kristensen at dpipwe.tas.gov.au
Tue Sep 28 19:57:59 MDT 2010
Hello All,
I have been spending a bit of time playing around with trying to get permission
inheritance to work in a similar way to what our Windows team is used to with
their Windows servers.
The behaviour I am after is to following:
1. Create a new folder
2. Select the new folder and go to Properties -> Security -> Advanced
3. Tick the "Inherit from parent the permission entries that apply to child
objects..."
4. Click Apply/OK as necessary to close the options windows
5. Create a new sub-folder in the previously created folder
6. Select the new sub-folder and go to Properties -> Security -> Advanced
7. I should see that "Inherit from parent..." is already ticked by default
'map acl inherit = yes' would seem to be the option I am after. It does seem to
work on individual folders, but does not propagate the "Inherit from parent..."
option by default when new sub-folders are created.
'inherit permissions = yes' and 'inherit acls = yes' work OK for settings the
permissions correctly when a file/folder is newly created, but falls over when
permissions need to changed at a later stage.
Am I missing something obvious? or is this behaviour not able to be reproduced
using samba?
Cheers,
John.
== Some (Hopefully) Useful Info ==
ACLs and Extended Attributes are enabled on the file-system
# smbd -V
Version 3.4.8
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[share1]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = TESTLAB
realm = TEST.LAB
server string = testsamba
security = ADS
password server = testlabad.test.lab, *
syslog = 0
log file = /var/log/samba/log.smbd
unix extensions = No
load printers = No
local master = No
domain master = No
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap uid = 1000000-10000000
idmap gid = 1000000-10000000
winbind separator = +
winbind cache time = 600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config TESTLAB:default = yes
idmap config TESTLAB:range = 1000000-1999999
idmap config TESTLAB:backend = rid
admin users = "@TESTLAB+Domain Admins"
read only = No
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
[share1]
comment = Test Share 1
path = /srv/share1
More information about the samba
mailing list