Hi, I have a problem with the inheritance of ACLs, respectively the removal of the inherited ACLs in subdirectories. The following szenario:
By default the access rights (including ACLs) should be inherited, but it should also be possible to remove the access rights from any subdirectory. Therefore I've set up the following configuration: [Finanzen] path = /shares/finanzen msdfs root = no writeable = yes browseable = yes public = no create mode = 0744 directory mode = 0755 force create mode = 00 force directory mode = 00 security mask = 0777 directory security mask = 0777 force security mode = 00 force directory security mode = 00 locking = 1 blocking locks = 1 strict locking = 0 oplocks = 1 level2 oplocks = 1 fake oplocks = 0 csc policy = manual nt acl support = 1 inherit acls = 1 inherit owner = no inherit permissions = yes dos filemode = no [EMAIL PROTECTED]:/shares# getfacl finanzen/ # file: finanzen # owner: crunchy # group: Share\040Admins user::rwx group::rwx group:Domain\040Users:r-- mask::rwx other::--- default:user::rwx default:group::--- default:group:Domain\040Users:r-- default:mask::rwx default:other::--- The ACLs for Domain Users were set with a Windows client after that a subdirectory TEST01 was created (BTW the group sticky bit is set): [EMAIL PROTECTED]:/shares# getfacl finanzen/TEST01/ # file: finanzen/TEST01 # owner: crunchy # group: Share\040Admins user::rwx user:root:rwx group::rwx group:Domain\040Users:r-- mask::rwx other::--- default:user::rwx default:group::--- default:group:Domain\040Users:r-- default:mask::rwx default:other::--- When I try to remove the access rights for Domain Users on TEST01 (via Properties->tab Security->button Advanced...) the following happens: clicking the remove button results in the disappearance of the entry; as expected. After clicking the apply button the entry is back again in the list. It looks like 'inherit acls' does not allow removing the inherited access rights on subdirectories. When I remove the access to TEST01 for Domain Users with setfacl [-d] -x ... (POSIX ACLs and Default POSIX ACLs) and add any other access right to the directory via Windows the access rights for Domain Users are added again. Has anyone an idea why this happens? Is there a mistake in my configuration? If you need any further information just ask. thanks in advance Andreas -- Andreas Büsching <[EMAIL PROTECTED]> fon: +49 421 22 232- 0 Entwicklung Linux for Your Business Univention GmbH http://www.univention.de/ fax: +49 421 22 232-99
signature.asc
Description: This is a digitally signed message part.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba