I'm using samba as a win2000 domain member and providing some files using posix ACLs My share configuration is like that: [software] path = /srv/software public = yes read only = no printable = no group = root directory security mask = 0777 directory mask = 0770 create mask = 0660 store dos attributes = no dos filemode = yes inherit permissions = yes inherit acls = yes hide unreadable = yes but I discovered a strange problem: Using the windows native acl tool I'm able to take file ownership of each file in my share but not of any directory. Error message is "access denied". The directories all have the same acl like file (rwx for the group of the user I'm trying with).
Jeremy Allison tried to explain the problem to me. I'm not very familar with the inner technical aspects of samba so I'll only pass his message along: Currently in Samba 3.0.20 root can change ownership to any user, someone with SeTakeOwnershipPrivilege can change owner to themselves, and someone with write permission to a file can change owner to the current authenticated user if dos filemodes are set. It's probably the latter case that matters to you - which is why the users can chown the files, but directories never have file write permission, which is what is stopping them chowning directories. In Samba 3.0.21 we'll be closer to windows semantics in that someone with SeRestorePrivilege can change the file to any other user. It doesn't take care of the directory case though.