Problems with ACLs in 2.2.8

[Michael Steffens]

Jan Houstek wrote:
> server:
> 	linux 2.4.19 with xfs 1.2 and its ACL
> 	libacl 2.0.19
> 	samba 2.2.8 compiled from source with --with-acl-support
> 	acting as PDC
> 	interesting parts of smb.conf
> 		create mask = 0600
> 		directory mask = 0700
> 		[testshare]
> 			path = /data/testshare
> 			readonly = No
> client:
> 	1) Windows XP, servicepack 1.2a
> 	2) smbmount from another linux box
> 
> server:~# getfacl /data/testshare/testdir
> # file: testdir
> # owner: testuser
> # group: users
> user::rwx
> group::---
> group:somegroup:r-x
> group:anothergroup:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:group:somegroup:r-x
> default:group:anothergroup:rwx
> default:mask::rwx
> default:other::---
> 
> server:~# umask 007
> server:~# mkdir /data/testshare/testdir/test1
> server:~# getfacl /data/testshare/testdir/test1
> # file: test1
> # owner: root
> # group: root
> user::rwx
> group::---
> group:somegroup:r-x
> group:anothergroup:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:group:somegroup:r-x
> default:group:anothergroup:rwx
> default:mask::rwx
> default:other::---
> 
> On windows:
> 	logon to domain as testuser
> 	create test2 in testdir (right mouse button -> New -> Folder)
> 
> server:~# getfacl /data/testshare/testdir/test2
> # file: test2
> # owner: testuser
> # group: users
> user::rwx
> group::rwx			# !!! problem !!!
> group:somegroup:r-x
> group:anothergroup:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:group:somegroup:r-x
> default:group:anothergroup:rwx
> default:mask::rwx
> default:other::---

I could (almost) reproduce it on HP-UX, and (almost) fix it
using "inherit acls = Yes". :)

Both "almost" refer to mask (or class, respectively) behaving
a bit strange. But this might be platform specific.

Maybe using "inherit acls" could already do the job in your
setup?

Cheers!
Michael