When adding ACLs with IO flag, inheritance is incorrectly propagated to child folders. smbcacls //192.168.11.3/share /test -U admin -a "ACL:admin:ALLOWED/IO|CI/READ" --propagate-inheritance Parent folder has correct ACLs. smbcacls //192.168.11.3/share /test -U admin REVISION:1 CONTROL:SR|DP OWNER:BUILTIN\Administrators GROUP:SVR\Domain Users ACL:SVR\admin:ALLOWED/CI|IO/READ ACL:BUILTIN\Users:ALLOWED/OI|CI|I/FULL ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL Child folder has IO flag set on ACL, although it shouldn't. smbcacls //192.168.11.3/share /test/subfolder -U admin REVISION:1 CONTROL:SR|DP OWNER:BUILTIN\Administrators GROUP:SVR\Domain Users ACL:SVR\admin:ALLOWED/CI|IO/READ ACL:BUILTIN\Users:ALLOWED/OI|CI|I/FULL ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL So an ACL that should apply to all child folders except parent folder doesn't really apply to any folder.
This bug was referenced in samba master: eba2bfde347041a395f0fbd3c57235be63b1890d 80159018e411c643fbfe7ef82bd33e30b6147901
Created attachment 18292 [details] backported patch for 4.19
Created attachment 18293 [details] backported patch for 4.20
Reassigning to Jule for inclusion in 4.19 and 4.20.
Pushed to autobuild-v4-{20,19}-test.
This bug was referenced in samba v4-20-test: d28a889aed25ac98ba4ef34b26190224e5ebe907 db658c40f5d8aeef9dcc190753b7d14b1fa3f5fb
This bug was referenced in samba v4-19-test: e703c0c3914d79f5ae4f42b3055e7a2005194927 b00c09bee3bc28e5637fd786122faeb6b200f2c5
Closing out bug report. Thanks!
This bug was referenced in samba v4-20-stable (Release samba-4.20.1): d28a889aed25ac98ba4ef34b26190224e5ebe907 db658c40f5d8aeef9dcc190753b7d14b1fa3f5fb
This bug was referenced in samba v4-19-stable (Release samba-4.19.7): e703c0c3914d79f5ae4f42b3055e7a2005194927 b00c09bee3bc28e5637fd786122faeb6b200f2c5