Hi,
I have a problem with the inheritance of ACLs, respectively the removal of the
inherited ACLs in subdirectories. The following scenario:
By default the access rights (including ACLs) should be inherited, but it
should also be possible to remove the access rights from any subdirectory.
Therefore I've set up the following configuration:
[Finanzen]
path = /shares/finanzen
msdfs root = no
writeable = yes
browseable = yes
public = no
create mode = 0744
directory mode = 0755
force create mode = 00
force directory mode = 00
security mask = 0777
directory security mask = 0777
force security mode = 00
force directory security mode = 00
locking = 1
blocking locks = 1
strict locking = 0
oplocks = 1
level2 oplocks = 1
fake oplocks = 0
csc policy = manual
nt acl support = 1
inherit acls = 1
inherit owner = no
inherit permissions = yes
dos filemode = no
root@qamaster:/shares# getfacl finanzen/
# file: finanzen
# owner: crunchy
# group: Share\040Admins
user::rwx
group::rwx
group:Domain\040Users:r--
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Domain\040Users:r--
default:mask::rwx
default:other::---
The ACLs for Domain Users were set with a Windows client; after that, a
subdirectory TEST01 was created (BTW the group sticky bit is set):
root@qamaster:/shares# getfacl finanzen/TEST01/
# file: finanzen/TEST01
# owner: crunchy
# group: Share\040Admins
user::rwx
user:root:rwx
group::rwx
group:Domain\040Users:r--
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Domain\040Users:r--
default:mask::rwx
default:other::---
When I try to remove the access rights for Domain Users on TEST01 (via
Properties->tab Security->button Advanced...) the following happens: clicking
the remove button results in the disappearance of the entry; as expected.
After clicking the apply button the entry is back again in the list.
It looks like 'inherit acls' does not allow removing the inherited access
rights on subdirectories.
When I remove the access to TEST01 for Domain Users with setfacl [-d] -x ...
(POSIX ACLs and Default POSIX ACLs) and add any other access right to the
directory via Windows the access rights for Domain Users are added again.
Does anyone have an idea why this happens? Is there a mistake in my configuration?
If you need any further information just ask.
thanks in advance
Andreas
--
Andreas Büsching <buesching@univention.de> fon: +49 421 22 232- 0
Entwicklung Linux for Your Business
Univention GmbH http://www.univention.de/ fax: +49 421 22 232-99
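
Added example (not part of the original message): a Python check over the getfacl output quoted in the post, listing which named entries of the parent's default ACL reappear in TEST01's access ACL and in TEST01's own default ACL, plus any named entry on TEST01 that the parent's default ACL does not account for. The function names are illustrative, and the sample strings are the post's ACL lines with the header comments dropped.

```python
import re

# ACL lines from the post's getfacl output (header comments dropped); the
# replace() restores getfacl's one-entry-per-line layout.
PARENT = (r"user::rwx group::rwx group:Domain\040Users:r-- mask::rwx other::--- "
          r"default:user::rwx default:group::--- default:group:Domain\040Users:r-- "
          r"default:mask::rwx default:other::---").replace(" ", "\n")
CHILD = (r"user::rwx user:root:rwx group::rwx group:Domain\040Users:r-- mask::rwx "
         r"other::--- default:user::rwx default:group::--- "
         r"default:group:Domain\040Users:r-- default:mask::rwx "
         r"default:other::---").replace(" ", "\n")

def unescape(name):
    """getfacl prints whitespace in names as octal escapes (\\040 = space)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Return {'access': {(tag, name): perms}, 'default': {...}}."""
    acl = {"access": {}, "default": {}}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and '#effective:' notes
        if not line:
            continue
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        tag, rest = line.split(":", 1)
        name, perms = rest.rsplit(":", 1)
        acl[scope][(tag, unescape(name))] = perms
    return acl

def inherited_named_entries(parent, child):
    """Named entries of the parent's default ACL and where the child repeats them."""
    return [{"entry": f"{tag}:{name}", "perms": perms,
             "in_child_access": child["access"].get((tag, name)) == perms,
             "in_child_default": child["default"].get((tag, name)) == perms}
            for (tag, name), perms in sorted(parent["default"].items()) if name]

def unexplained_entries(parent, child):
    """Named access entries on the child that the parent's default ACL lacks."""
    return sorted(f"{t}:{n}:{p}" for (t, n), p in child["access"].items()
                  if n and (t, n) not in parent["default"])

if __name__ == "__main__":
    parent, child = parse_getfacl(PARENT), parse_getfacl(CHILD)
    for row in inherited_named_entries(parent, child):
        print(row)
    print("not from parent default ACL:", unexplained_entries(parent, child))
```

Fed real `getfacl` output for a parent and a child directory, it shows whether an entry that keeps coming back is still present in either directory's default ACL.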