Sticky ACL's samba
Is it possible to implement acls' recursively in samba ?
I set up a test directory for students.
I have acl setup so that DOMAIN^teachers have read only access:
ls -l /home/DOMAIN
drwsrws---+ 5 DOMAIN\teststudent00 DOMAIN\domain^admins 4096 2008-07-21 09:36 teststudent00
but the ACL is not sticky - when the teststudent creates an new directory within his homedrive, the DOMAIN\teachers permissions do not propagate through.
getfacl: Removing leading '/' from absolute path names
# file: home/DOMAIN/teststudent00
# owner: DOMAIN\134teststudent00
# group: DOMAIN\134domain^admins
is this possible to achieve ?
the relevant samba share is here:
comment = Home Directories
path = /home/%D/%U
valid users = %D\%S
read only = No
create mask = 0770
directory mask = 0770
In your global section, do you have the following options set?
I believe the key one for what you want is 'map acl inherit'. Of course this will only work if your using a filesystem that supports extended attributes and you have enabled it.
map acl inherit = yes
nt acl support = yes
ea support = yes
store dos attributes = yes
At first it didn't work, I needed to also set:
inherit permissions = yes
yep, good catch. :)
Also watch out. If you start messing about with permissions with setfacl you may break things on the windows side of stuff. So be careful and/or backup your permissions settings before fiddling. :P
Oh and finally, you may also want to enable 'inherit owner'. Especially if your using quotas.
inherit owner = yes