samba - Mar 2006 - Default Posix ACLs are ignored when copying files between two directories using Windows (XP)

I have tried to read the documentation, but I was not able to find a clear
solution  to my problem. I run Samba 3.0.14a on a Debian system with Posix
ACLs.

I  have  a  share  on  a  file system that uses Posix ACLs, and I have two
directories in that share. Both directories have default ACLs set, so that
every  new  file  (or  directory) created under each directory (by Windows
XP/2000 clients) gets default permissions correctly.


Now,  when  a  user  that  has "rwx" permissions on both directories
tries
(from a WinXP box) to move a subtree from from directory A to directory B,
the  moved  tree  (files and directories) keeps all of the the ACLs (Posix
and also standard user/group/other) and file ownership (user and group) it
had when it was under directory A, ignoring completely the defaults set in
directory B.

This makes the moved subtree unreadable to users of directory B, which are
not allowed to open files from directory A.

Is  there some solution to this issue? Maybe I need to set "inherit acls
yes"?

I basically want ACLs to be ALWAYS the default ones, as set on the topmost
directory, nothing more and nothing less.


Thanks for your help.

-- 

  Fabio "Kurgan" Muzzi

Hi Fabio,

I'm seeing this exact same behavior on my Samba server.  For what it's
worth, I also see this same behavior with shares/folders on a Windows NT
system.  It seems Samba/Linux and Windows NT behave the same in this regard.

One thing you can do is tell your users to "copy" files from directory
A to
directory B, then delete the original files from directory A.  It's
annoyingly inconvenient, (and inefficient) but it works.

I've taken to running the following command from my Samba server whenever my
users "move" files between directories with different ACLs,

	cd /path/to/directoryB
	getfacl . | setfacl -R --set-file=- *

Another thing you can do is put directory A and directory B on different
filesystems.  This will cause ext3 (or whatever) to actually create new
inodes for each file and set the permissions appropriately.  (This isn't an
option in my environment, but might be for you.)

Let me know if you find a more elegant solution!

Thanks,
Jeff


 
> -----Original Message-----
> From: samba-bounces+jeffrey.lewis=sri.com@lists.samba.org 
> [mailto:samba-bounces+jeffrey.lewis=sri.com@lists.samba.org] 
> On Behalf Of Fabio Muzzi
> Sent: Friday, March 31, 2006 3:45 AM
> To: samba@lists.samba.org
> Subject: [Samba] Default Posix ACLs are ignored when copying 
> files between two directories using Windows (XP)
> 
> 
> I have tried to read the documentation, but I was not able to 
> find a clear
> solution  to my problem. I run Samba 3.0.14a on a Debian 
> system with Posix
> ACLs.
> 
> I  have  a  share  on  a  file system that uses Posix ACLs, 
> and I have two
> directories in that share. Both directories have default ACLs 
> set, so that
> every  new  file  (or  directory) created under each 
> directory (by Windows
> XP/2000 clients) gets default permissions correctly.
> 
> 
> Now,  when  a  user  that  has "rwx" permissions on both 
> directories tries
> (from a WinXP box) to move a subtree from from directory A to 
> directory B,
> the  moved  tree  (files and directories) keeps all of the 
> the ACLs (Posix
> and also standard user/group/other) and file ownership (user 
> and group) it
> had when it was under directory A, ignoring completely the 
> defaults set in
> directory B.
> 
> This makes the moved subtree unreadable to users of directory 
> B, which are
> not allowed to open files from directory A.
> 
> Is  there some solution to this issue? Maybe I need to set 
> "inherit acls > yes"?
> 
> I basically want ACLs to be ALWAYS the default ones, as set 
> on the topmost
> directory, nothing more and nothing less.
> 
> 
> Thanks for your help.
> 
> -- 
> 
>   Fabio "Kurgan" Muzzi
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>