[Samba] ACLs on Samba share not preserved when copying with Windows Explorer

Rowland Penny rowlandpenny241155 at gmail.com
Tue Aug 11 19:19:09 UTC 2015 

On 10/08/15 20:51, Andrew Martin wrote:
> I have a samba share (using Samba 3.6.3) running on an ext4 filesystem with the
> "acl" mount option. The samba share is configured as follows:
> [myshare]
>     path = /srv/myshare
>     browseable = no
>     public = no
>     guest ok = no
>     writable = yes
>     printable = no
>     create mode = 0660
>     directory mode = 0770
>     level2 oplocks = no
>     oplocks = no
>
> I have configured the following ACLs on the /srv/myshare directory:
> # file: myshare
> # owner: root
> # group: root
> # flags: -s-
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:user1:rwx
> default:user:user2:rwx
> default:group::rwx
> default:mask::rwx
> default:other::---</pre>
>
> Note that this directory is owned by root:root and has the sgid bit set. User1
> connects via Windows Explorer on Windows 7 and creates some directories inside
> of /srv/myshare. If he saves files directly from a 3rd party program, e.g
> LibreOffice, into one of these subdirectories, the files inherit the ACLs
> correctly. However, if he copies a file via Windows Explorer into one of these
> newly-created subdirectories, all ACLs are removed from said file:
> # file: test.pdf
> # owner: user1
> # group: root
> user::rwx
> group::rwx
> other::---
>
> Strangely, if he performs the same operation, copying the same file with
> Windows Explorer to the root of the share, /srv/myshare, rather than a
> subdirectory, the permissions are preserved correctly:
> # file: test.pdf
> # owner: user1
> # group: root
> user::rw-
> user:user1:rwx
> user:user2:rwx
> group::rwx
> mask::rwx
> other::---
>
> Has anyone encountered this problem, or do you know what I can do to make
> ACLs inherit as expected?
>
> Thanks,
>
> Andrew Martin
>

Hi, is the share stored on a standalone server or an AD member server or 
what ?

Not that this should matter, your problem is most likely caused by you 
using ACLs and trying to enforce Unix permissions. You should use one or 
the other, not both.

Oh, and you don't have to use the 'acl' mount option with ext4, it is 
one of the 'defaults'

Rowland

More information about the samba mailing list