[Samba] Samba and POSIX ACLs

Jeremy Allison jra at samba.org
Fri Aug 12 17:40:32 UTC 2016

On Fri, Aug 12, 2016 at 07:27:00PM +0200, Reindl Harald via samba wrote:
> Am 12.08.2016 um 18:57 schrieb Jeremy Allison via samba:
> >On Fri, Aug 12, 2016 at 11:20:47AM -0500, Sergei Gerasenko via samba wrote:
> >>It looks like this is a long known issue:
> >>
> >>https://bugzilla.samba.org/show_bug.cgi?id=10792
> >
> >If by long known you mean "as designed". As Samba supports
> >ACL setting on files/directories we don't restrict what
> >happens to them after creation.
> >
> >For creation you can set "create mask" and "directory mask"
> >but the client can change it afterwards
> well, an option to igore that clients wish (and the same for the
> normal unix permissions) would be nice because Apple stuff tends to
> trying be smarter than the admin which knows how permissions have to
> look like so that all users which needs access have it
> and that is often *exatly* as the sharepoint with no exception
> because access to shares is granted by asign users to specific
> group*s*

We used to have that. Was called "security mask" and "directory
security mask". It got removed as there was no way to differentiate
between the "create" action and "modify permissions" action at
the level below the VFS.

More information about the samba mailing list