[Samba] nt acl inheritance
felix.joussein at gmx.at
Mon May 16 05:42:44 MDT 2011
I've observed the following misbehaviour while playing around with NT
ACLs (see relevant configuration below):
Working with Windows XP:
Open acl enabled share
Set default share permissions by right click on the explorer's top left
clip control -> properties.
Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I
already know that these two default groups cause trouble while saving
ACLs and result in a Windows Error Message "Invalid Parameter". Also I
set some default security settings for users and groups according to
my needs and I apply it to This Folder, and any sub folder or file.
After applying to all new settings, I create a folder.
As expected my default share security settings have been inherited to
the new folder.
I add an additional user to the ACL and take care that the inheritance
is also "Folder, sub folder and file".
I create a new sub folder to this one and check the ACL.
Here is the unwanted behavior: The new sub folder got user permissions
from its parent folder, but unlike the default share permissions which
have been inherited, the additional user's permissions have not been
inherited but have been copied. When I set the option "Inherit
permissions to sub elements as far as applicable", and apply, then a new
ACL entry is created with the same user but this time inherited. Now I
can delete the copied settings, and apply to everything.
I hope these explanations were clear enough.
Here now the configuration:
comment = ACL Labor
path = /home/acllabor
vfs objects = acl_xattr
read only = no
browsable = yes
valid users = me,you
acl map full control = false
inherit acls = yes
map acl inherit = yes
map read only = Permissions
map archive = no
map hidden = no
map system = no
nt acl support = yes
acl group control = true
dos filemode = yes
enable privileges = yes
store dos attributes = yes
/dev/mapper/system-user on /home type ext4
any help appreciated!
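
A check for the symptom described in this post, as an added example that is not part of the original message: given the DACLs of a parent folder and a child folder in SDDL form, it reports trustees whose entry on the child is explicit (no ID "inherited" flag) although the parent holds the same entry marked container-inheritable (CI). The SIDs and SDDL strings are constructed sample values and the function names are hypothetical.

```python
import re

def parse_dacl(sddl):
    """Return the ACEs of the D: (DACL) part of an SDDL string as dicts."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1) if m else ""):
        # ACE layout: type;flags;rights;object_guid;inherit_object_guid;trustee
        typ, flags, rights, _obj, _inh_obj, trustee = body.split(";")[:6]
        # Flags are concatenated two-letter codes: OI, CI, NP, IO, ID ...
        codes = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        aces.append({"type": typ, "flags": codes,
                     "rights": rights, "trustee": trustee})
    return aces

def copied_aces(parent_sddl, child_sddl):
    """Trustees whose ACE on a child folder is explicit (no ID flag) although
    the parent holds the same ACE marked container-inheritable (CI)."""
    inheritable = {(a["type"], a["rights"], a["trustee"])
                   for a in parse_dacl(parent_sddl) if "CI" in a["flags"]}
    return [a["trustee"] for a in parse_dacl(child_sddl)
            if "ID" not in a["flags"]
            and (a["type"], a["rights"], a["trustee"]) in inheritable]

# Constructed sample SIDs (not taken from the post).
DEFAULT_USER = "S-1-5-21-1111111111-2222222222-3333333333-1000"
EXTRA_USER = "S-1-5-21-1111111111-2222222222-3333333333-1001"

# First folder: share defaults arrive inherited (ID); the extra user is added
# explicitly with "folder, sub folder and file" scope (OICI).
PARENT = (f"D:AI(A;OICI;0x1200a9;;;{EXTRA_USER})"
          f"(A;OICIID;0x1301bf;;;{DEFAULT_USER})")
# Sub folder as described in the post: the extra user's ACE lacks ID (copied).
CHILD_OBSERVED = (f"D:AI(A;OICI;0x1200a9;;;{EXTRA_USER})"
                  f"(A;OICIID;0x1301bf;;;{DEFAULT_USER})")
# Sub folder as expected: both ACEs carry ID (inherited).
CHILD_EXPECTED = (f"D:AI(A;OICIID;0x1200a9;;;{EXTRA_USER})"
                  f"(A;OICIID;0x1301bf;;;{DEFAULT_USER})")

if __name__ == "__main__":
    print("copied on observed child:", copied_aces(PARENT, CHILD_OBSERVED))
    print("copied on expected child:", copied_aces(PARENT, CHILD_EXPECTED))
```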