[Samba] Dealing with permission inheritance for CIFS Windows and NFS Linux clients accessing same data

Ken McDonald ken at generation.tech
Mon Mar 19 04:16:50 UTC 2018

How can I best handle file & directory permissions & inheritance when 
accessing the same data on a remote server from Windows clients through 
a CIFS share and Linux clients through an NFS export?

I have Samba AD working and I believe Winbind is working because when I 
check permissions from the command line, whether locally on the server 
or a remote Linux client, with ls, getfacl, getfattr, nfs4_getfacl, or 
nfs4_getfattr, I can see Samba AD usernames and groups.

For example:

1) I set permissions from a remote Windows client on a remote top-level 
directory (mapped through CIFS to a server share)

2) If on the Windows client, I create subdirectories & files, the 
inherited permissions ARE the same as the top-level (inherited correctly 
as expected)

3) But if on a remote Linux Mint client (with a local directory mounted 
from a remote NFS4 export on the server -- same directory as CIFS 
share), I create subdirectories & files, the inherited permissions are 
NOT the same as the top-level

Is it even possible to get relatively the same inheritance behavior from 
CIFS & NFS4 accessing the same data?

This is the top-level directory
Good perms inherited by Windows-made CIFS file
Bad perms inherited by Linux-made NFS4 file

More information about the samba mailing list