Bug 15705 - Adding ACL through smbcacls for share on Win Server 2016 Data Center breaks automatic inheritance
Summary: Adding ACL through smbcacls for share on Win Server 2016 Data Center breaks a...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 4.17.12
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-30 08:49 UTC by Paul
Modified: 2024-08-30 08:49 UTC (History)
0 users

See Also:


Attachments
Debug log (level 10) of adding ACL (37.92 KB, text/plain)
2024-08-30 08:49 UTC, Paul
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Paul 2024-08-30 08:49:31 UTC
Created attachment 18427 [details]
Debug log (level 10) of adding ACL

Listing ACL's for Windows share:

smbcacls //10.10.50.23/home /ctest -U czt-admin -W PUW -m SMB2

result:

REVISION:1
CONTROL:SR|DI|DP
OWNER:PUW\czt-admin
GROUP:PUW\Domain Users
ACL:PUW\czt-admin:ALLOWED/I/FULL
ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL
ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL

add ACL:

smbcacls //10.10.50.23/home /ctest -U czt-admin -W PUW -m SMB2 -a 'ACL:PUW\ctest:ALLOWED/OI|CI/FULL'

and list once again:

REVISION:1
CONTROL:SR|DP
OWNER:PUW\czt-admin
GROUP:PUW\Domain Users
ACL:PUW\ctest:ALLOWED/OI|CI/FULL
ACL:PUW\czt-admin:ALLOWED/I/FULL
ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL
ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL

CONTROL changed from SR|DI|DP to SR|DP (automatic inheritance is lost).

smbcacls Version 4.17.12-Debian