Re: [Samba] Samba4 and "inherit permissions ="
- Date: Fri, 5 May 2017 12:26:23 +0100
- From: Sebastian Arcus via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba4 and "inherit permissions ="
On 05/05/17 12:01, Rowland Penny via samba wrote:
On Fri, 5 May 2017 11:21:14 +0100
Sebastian Arcus via samba <samba@xxxxxxxxxxxxxxx> wrote:
After a decent amount of online searches, I am a little bit lost on
the subject of Samba4 in AD mode and ACL's. Could anybody help with
the following please:
1. Is it correct that my default ACL's are being ignored (new files
created don't follow the default ACL's permissions of the parent
folder) because "inherit permissions = " is set to No by default in
2. Is "inherit permissions = " still a valid option in smb.conf for
Samba4 in AD mode, or has it been deprecated?
3. Does "inherit permissions = " have the same effect as clicking
"Enable inheritance" button on the Windows side in the share settings?
If you are using an AD DC as a fileserver, you do not add anything to
the share other than the path and read only mode, you need to set the
ACLs from windows, see here:
Thank you for that. Where I got confused is that many howtos seem to
suggest that ACL's can be managed either from the Windows side, or with
setfacl on the Linux side.
I noticed that if I have the following ACL's
# file: VAT
# owner: root
# group: MYDOM\134domain\040users
The inheritance doesn't work correctly, in spite of the default ACL's.
It seems that it only works correctly if there is an explicit default
ACL for "Domain Users" - in spite of the fact that the "Domain Users" is
the owning group, and there is a default ACL for the owning group. Is
this by design?
To unsubscribe from this list go to the following URL and read the