[Samba] chown destroys ACLs

[Klaus Hartnegg]

On 17.07.2014 16:02, Rowland Penny wrote:
> You posted 'fs objects = acl_xattr' was this a typo?

The 'v' was lost in copy & paste.

> also do you have the 'attr' package installed.

Yes

> A quick test by creating a test dir by root and adding a users ACL with
> setfacl and then changing the owner and group via chmod & chgrp never
> touched the ACL.

Yes, but when ACL was changed in Windows, doing chown in Linux resets 
the Windows-ACL to the Linux-ACL. Is there a way to prevent this?

> Having said all that, why are you altering the ownership of the
> directories and files on Linux, set them (as per the wiki) once on
> linux, then set or change them from a windows client.
>
> If you don't have any windows clients, learn how to use setfacl.

I have *only* Windows clients, but each day some directories and files 
are created by a process that does not set owner and permissions. I 
tried to use setfacl, smbcacls, and samba-tool ntacl. None of them works:
- smbcacls fails to propagate inherited permissions.
- samba-tool says "ERROR: Unable to read domain SID"
- setfacl puts things into the Windows ACL that do not belong there, for 
example Unix Group, and other options cannot be set.

So I used icacls in Windows to set permissions and owner, although it is 
awfully slow when changing files on a Samba server. But when I then look 
at the files in Linux, they have the wrong owner. When I fix this with 
chown, then the Windows-ACL is gone. So I must first chown in Linux, 
then icacls in Windows, or accept that the owner shown in Linux is 
unreliable.

There should really be an easier way to do this.

Klaus