Hello All,

I have been spending a bit of time playing around with trying to get permission inheritance to work in a similar way to what our Windows team is used to with their Windows servers.

The behaviour I am after is the following:

 1. Create a new folder
 2. Select the new folder and go to Properties -> Security -> Advanced
 3. Tick the "Inherit from parent the permission entries that apply to child objects..."
 4. Click Apply/OK as necessary to close the options windows
 5. Create a new sub-folder in the previously created folder
 6. Select the new sub-folder and go to Properties -> Security -> Advanced
 7. I should see that "Inherit from parent..." is already ticked by default

'map acl inherit = yes' would seem to be the option I am after. It does seem to work on individual folders, but does not propagate the "Inherit from parent..." option by default when new sub-folders are created.

'inherit permissions = yes' and 'inherit acls = yes' work OK for setting the permissions correctly when a file/folder is newly created, but fall over when permissions need to be changed at a later stage.

Am I missing something obvious? Or is this behaviour not able to be reproduced using Samba?

Cheers,
John.


== Some (Hopefully) Useful Info ==
ACLs and Extended Attributes are enabled on the file-system


# smbd -V
Version 3.4.8


# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[share1]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = TESTLAB
        realm = TEST.LAB
        server string = testsamba
        security = ADS
        password server = testlabad.test.lab, *
        syslog = 0
        log file = /var/log/samba/log.smbd
        unix extensions = No
        load printers = No
        local master = No
        domain master = No
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 1000000-10000000
        idmap gid = 1000000-10000000
        winbind separator = +
        winbind cache time = 600
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config TESTLAB:default = yes
        idmap config TESTLAB:range = 1000000-1999999
        idmap config TESTLAB:backend = rid
        admin users = "@TESTLAB+Domain Admins"
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        map acl inherit = Yes

[share1]
        comment = Test Share 1
        path = /srv/share1