On Tuesday, 16 September 2008, vishesh wrote:
> Thanks Nagel
>
> That means
> "inherit permission" and "inherit acl" parameter should be used only
> when default acl not present on parent directory.
>
No, if you want to be sure that permissions are inherited properly, you need
both, default permissions and "inherit permissions/acl". If
"inherit permissions/acl" is missing, the default acl are inherited
but they may be modified. The man page reads:

inherit acls (S)
    This parameter can be used to ensure that if default acls exist on
    parent directories, they are always honored when creating a new file or
    subdirectory in these parent directories. The default behavior is to use
    the unix mode specified when creating the directory. Enabling this option
    sets the unix mode to 0777, thus guaranteeing that default directory acls
    are propagated.

The important point is that the unix mode is set to 0777 if "inherit acl
= yes" is set. Otherwise the unix mode that is active for the user context
Samba is running in will be taken. I will give an example to make things clear.
Imagine you have a directory with the following acls:
default:mask::rwx
default:user::rwx
default:user:my_account:r-x
and the effective user mode is not 0777 but 0666 and "inherit acl" is
set to "no". In this case the new file gets the following acls:
default:mask::rw-
default:user::rw-
default:user:my_account:r--
Please recognize the missing execute bit. The acl of the new object is the
logical AND operation of the default acl and the effective unix mode. The acls
are inherited anyway, no matter what "inherit acl" says. But the
result might be different from what you expect.

Matthias Nagel
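
The masking discussed in this message, as an added example that is not part of the original email and not Samba code: it applies the Linux acl(5) object-creation rule to the default ACL quoted above, once with the 0666 mode from the message and once with the 0777 mode that "inherit acls = yes" sets. All function names are hypothetical. Under that rule the named-user entry is stored unchanged, and the missing x shows up in its effective permissions because the mask was reduced.

```python
# Added illustration of POSIX ACL inheritance; names are hypothetical, not Samba code.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

# Default ACL of the parent directory, copied from the message above.
DIR_DEFAULT_ACL = """\
default:mask::rwx
default:user::rwx
default:user:my_account:r-x
"""

def to_bits(perm):
    return sum(PERM_BITS[c] for c in perm if c != "-")

def to_str(bits):
    return "".join(c if bits & v else "-" for c, v in PERM_BITS.items())

def parse_default_acl(text):
    """Parse 'default:tag:qualifier:perms' lines into {(tag, qualifier): bits}."""
    acl = {}
    for line in text.split():
        prefix, tag, qualifier, perm = line.split(":")
        if prefix != "default":
            raise ValueError(f"not a default ACL entry: {line}")
        acl[(tag, qualifier)] = to_bits(perm)
    return acl

def inherit(default_acl, mode):
    """Access ACL of an object created with `mode` below the directory."""
    acl = dict(default_acl)
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    # Only entries that map to the mode bits are ANDed with the mode: the group
    # bits limit the mask if one exists, otherwise the owning group entry.
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, bits in ((("user", ""), owner), (group_key, group), (("other", ""), other)):
        if key in acl:
            acl[key] &= bits
    return acl

def effective(acl):
    """Permissions that actually apply: named users and groups are capped by the mask."""
    mask = acl.get(("mask", ""), 7)
    capped = lambda tag, q: tag == "group" or (tag == "user" and q != "")
    return {(t, q): to_str(b & mask if capped(t, q) else b) for (t, q), b in acl.items()}

if __name__ == "__main__":
    parent = parse_default_acl(DIR_DEFAULT_ACL)
    for mode in (0o666, 0o777):  # 0666 from the message; 0777 as with "inherit acls = yes"
        print(oct(mode), effective(inherit(parent, mode)))
```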