Having encountered severe frustration, ambiguity and incorrect factual content during my tries to understand the inherit acls and inherit permissions sections of man smb.conf, I am suggesting a hopefully clear and elegant rewording of them. I am not sure if all details are correct. Please correct them if they are factually wrong.

inherit acls (S)
inherit permissions (S)

These two options control the processing of permissions of newly created files or directories between the client's request and the actual creation of the file/directory on the local filesystem.

The process begins with the client asking (either implicitly or explicitly) Samba to create a file. The client always supplies a file permission vector basically similar to a plain UNIX permission bit vector. At the end of the process, Samba calls the appropriate system call which, regardless of whether the filesystem is an ACL or plain old UNIX one, requires a plain old UNIX permission string.

The resulting file's/directory's permissions or ACL is a result of creating the file using the underlying operating system call with the <em>mode</em> parameter resulting from the process described below, and with umask set to 0. See the corresponding UNIX and ACL documentation for the rules that apply.

Further, mode represents the permission string being gradually processed.

1. mode is assigned what the client asks us to create
2. if inherit permissions is set to "no", then certain permissions are revoked from mode by application of create mask (for files) or directory mask (for directories).
3. if inherit permissions is set to "no", then certain permissions are granted into mode by application of force create mode (for files) or force directory mode (for directories).
4. if inherit permissions is set to "yes" and the object to be created is a directory, mode is set from the parent directory's permissions including bits such as setgid, but excluding setuid. Setuid is set to zero.
5. if inherit permissions is set to "yes" and the object to be created is a file, all bits including bits like setgid, with the exception of execute and setuid bits, are copied from the parent directory. The setuid bit is set to zero.
5. if inherit acls is set to "yes" and the filesystem is an ACL one and the parent directory has a default acl, the mode is set to 0777. This causes a verbatim copy of the default ACL to be propagated, as implied by the ACL documentation.

Now, the system call itself is called, with <em>mode</em> as parameter and with umask set to 0.

SEE ALSO: man creat, open, mkdir, acl.
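The steps listed in the proposed wording above, written out as a function. This is an added example, not part of the original comment and not Samba's code, and it follows the comment's description rather than verified Samba behaviour. The function and parameter names are hypothetical, the mask values are sample values, and keeping the client's execute bits for files under inherit permissions is an assumption.

```python
import stat

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH  # 0o111
PERM_BITS = 0o7777  # rwx bits plus setuid, setgid and sticky


def creation_mode(requested, is_dir, parent_mode, *,
                  inherit_permissions=False, inherit_acls=False,
                  parent_has_default_acl=False,
                  create_mask=0o744, force_create_mode=0o000,
                  directory_mask=0o755, force_directory_mode=0o000):
    """Mode handed to the create call (umask 0), per the listed steps.

    All names and default values here are hypothetical sample values.
    """
    mode = requested & PERM_BITS            # start from the client's request
    if not inherit_permissions:
        if is_dir:
            mask, force = directory_mask, force_directory_mode
        else:
            mask, force = create_mask, force_create_mode
        mode &= mask                        # revoke bits outside the mask
        mode |= force                       # grant the forced bits
    elif is_dir:
        # Directory: take the parent's bits, setgid included, setuid cleared.
        mode = parent_mode & PERM_BITS & ~stat.S_ISUID
    else:
        # File: copy everything except execute and setuid from the parent.
        # Assumption: the execute bits stay as the client requested them.
        copied = parent_mode & PERM_BITS & ~(EXEC_BITS | stat.S_ISUID)
        mode = (mode & EXEC_BITS) | copied
    # A default ACL on the parent implies an ACL filesystem.
    if inherit_acls and parent_has_default_acl:
        mode = 0o777                        # the default ACL decides the result
    return mode


if __name__ == "__main__":
    # Constructed case: setuid+setgid parent directory, rwxrwx---.
    parent = 0o6770
    for label, is_dir, req in (("file", False, 0o744), ("dir", True, 0o700)):
        got = creation_mode(req, is_dir, parent, inherit_permissions=True)
        print(f"{label}: requested {req:04o} -> created with {got:04o}")
```

With a setgid parent, the inherit permissions branch carries setgid onto new files and directories while setuid is always dropped, which is the property worth checking on shared group directories.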
EMailed JRA for comment on this. I'll review later. - JHT
updating qa contact
John, if you still want to include it, please reopen the bug.