I reply to myself for future reference.

I logged in as root on the member server and recursively set the ACL
defaults with setfacl (so the newly created folders come with this mask):

Default Owner (Read Write Execute):
    default:u:administrator:rwx
Default Group (Read Write Execute):
    default:g:'domain users':rwx

Then I forced the ownership and group of the actual directories:

Set Owner (Read Write Execute):
    u:administrator:rwx
Set Group (Read Write Execute):
    g:'domain users':rwx

In one command:

    setfacl -R -m default:g:'domain users':rwx,g:'domain users':rwx,default:u:administrator:rwx,u:administrator:rwx /PATH/TO/SHARES/

Lorenzo Faleschini
IT Manager @ Nord Est Systems srl
----------------------------------------
m: +39 335 6055225 | skype: falegalizeit

On 23/09/2014 12:53, Lorenzo Faleschini wrote:
> Hi folks,
>
> I've a working samba 4.1 DC + a 4.1 member server, winbind and UID GID
> working
> I have all the shares on member server, and the UNIX permissions are
> set to 770 Administrator:DomainUsers. To rule other permissions I
> generally use the Security TAB ACLs.
>
> My problem is:
> when a user creates a new subfolder, only he can access it (and no
> one else from DomainUsers), unless I change the ACL manually.
> Is there an option to set somewhere to maintain the parent folder's ACLs?
>
> thanks
>
>
> --
>
> Lorenzo Faleschini
> IT Manager @ Nord Est Systems srl
> ----------------------------------------
> m: +39 335 6055225 | skype: falegalizeit
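
A way to check that the default ACL from the reply above is present on every directory of the share, as an added example that is not part of the original post. The function names, the /srv/shares paths and the user "alice" are constructed for illustration; the sample assumes getfacl prints the space in the group name as \040.

```shell
# Added example, not from the original post. Reads `getfacl` output for
# directories on stdin and prints each path that has no default rwx entry
# for the group, i.e. where new subfolders would not inherit group access.
# $1 = group name as getfacl prints it (a space appears as \040).
# Typical input:
#   find /PATH/TO/SHARES -type d -exec getfacl -p {} +
missing_default_acl() {
    # Pass the name via the environment: awk -v would expand \040 itself.
    GRP="$1" awk '
        function report() { if (path != "" && !ok) print path }
        BEGIN { want = "default:group:" ENVIRON["GRP"] ":rwx" }
        /^# file: / { report(); path = substr($0, 9); ok = 0; next }
        index($0, want) == 1 { ok = 1 }
        END { report() }
    '
}

# Constructed sample: one directory fixed with setfacl, one created before
# the fix by a hypothetical user "alice".
sample_getfacl() {
    cat <<'EOF'
# file: /srv/shares/projects
# owner: administrator
# group: domain\040users
user::rwx
user:administrator:rwx
group::rwx
group:domain\040users:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::rwx
default:group:domain\040users:rwx
default:mask::rwx
default:other::---

# file: /srv/shares/projects/new-folder
# owner: alice
# group: domain\040users
user::rwx
group::---
other::---
EOF
}

sample_getfacl | missing_default_acl 'domain\040users'
```

An empty result means every directory passed in carries the default group entry; any path printed still needs the setfacl command applied.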