samba - Apr 2003 - ACLs and Windows 2000 look alike (inheritance of permissions)

I've gotten samba working with ACLs over an XFS filesystem. Everything works
pretty well with knowledge of the workarounds (cannot remove group everyone,
etc.)

The only major problem I have is that ACLs don't inherit correctly. The
default in Windows 2000 is to have a sub folder inherit the permissions of
the folder it is in on creation. By default, the Samba share's folders
don't
do this. Is there any way to make samba by default copy all the ACLs when A
folder is created? It does it if you manually check the "Allow inheritable
permissions from parent to propagate to this object" box on the Security
page of properties.

If there is no way to do this in Samba (I'm using 2.2.5), can it be done
with cacls.exe or some other item?

Thank you,

Tom

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Date: Thu, 24 Apr 2003 10:41:39 -0700
> From: "Tom Dickson" <tdickson@inostor.com>
> To: "samba mailing list" <samba@lists.samba.org>
> Subject: [Samba] ACLs and Windows 2000 look alike (inheritance of
permissions)
> Message-ID: <JPECIMBMOFCBKIOOKHIOOEMJCAAA.tdickson@inostor.com>
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Precedence: list
> Message: 35
>
> I've gotten samba working with ACLs over an XFS filesystem. Everything
works
> pretty well with knowledge of the workarounds (cannot remove group
everyone,
> etc.)
>
> The only major problem I have is that ACLs don't inherit correctly. The
> default in Windows 2000 is to have a sub folder inherit the permissions of
> the folder it is in on creation. By default, the Samba share's folders
don't
> do this. Is there any way to make samba by default copy all the ACLs
when A
> folder is created? It does it if you manually check the "Allow
inheritable
> permissions from parent to propagate to this object" box on the
Security
> page of properties.
>
> If there is no way to do this in Samba (I'm using 2.2.5), can it be
done
> with cacls.exe or some other item?
>
- From the man page for smb.conf (search for inherit with /inherit)

"inherit  acls  (S)  This parameter can be used to ensure that if
default acls exist on parent directories, they are  always  hon-
ored  when  creating a subdirectory.  The default behavior is to
use the mode specified when  creating  the  directory.  Enabling
this  option  sets  the  mode  to  0777,  thus guaranteeing that
default directory acls are propagated.

Default: inherit acls = no"

Note the (S) means this is a per-share option.

Regards,
Buchan

- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+qSzHrJK6UGDSBKcRAoVEAJwP7rSv9++Wfd1NC/40DIzev7MvBwCgx5Vu
lbQsER/PssbOy6qyiWv1Y9k=Zfyk
-----END PGP SIGNATURE-----