Hello I have a problem with POSIX ACLs. I have created a directory with these ACLs:
> getfacl . # file: . # owner: testuser # group: tls user::rwx group::rwx group:ptls:r-x mask::rwx other::--- default:user::rwx default:group::rwx default:group:tls:rwx default:group:ptls:r-x default:mask::rwx default:other::--- When I create a file in it, it inherits the containing directory's default ACLs and it's ACL mask is set to rw- (for directory it would be rwx), which essentialy marks it not executable. > touch test # getfacl test # file: test # owner: root # group: root user::rw- group::rwx #effective:rw- group:tls:rwx #effective:rw- group:ptls:r-x #effective:r-- mask::rw- other::--- The problem arises when I create another file from a Windows machine on the network drive which points to the same directory. The mask stays rwx as for directory and file is executable. > getfacl test.txt ### Empty text file created in Windows # file: test.txt # owner: hrubsa # group: hrubsa user::rwx group::rwx group:tls:rwx group:ptls:r-x mask::rwx other::--- Relevant part of smb.conf: read only = No create mask = 0666 security mask = 0666 inherit acls = Yes map acl inherit = Yes map archive = No map readonly = no store dos attributes = Yes wide links = No After setting inherit acls = No, the create/security mask were applied to standard unix permissions, but not on ACL entries. > getfacl test2.txt # file: test2.txt # owner: hrubsa # group: hrubsa user::rw- group::rw- group:tls:rwx group:ptls:r-x mask::rwx other::rw- The problem is I need to share this directory through samba and use it on Debian Linux at the same time, I don't want all files created in Windows to be executable in Linux. Maybe I'm blind and I don't see the way to configure it, maybe it has to be changed in samba source to allow this behavior (setting mode when creating new files?). What do you think? Thank you for your answers -- Regards Juraj Hrubsa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba