When creating a new file, the default ACL on the parent directory is not properly used. 'inherit acls = no' and 'inherit acls = yes' produce different results, but both of them are not correct. ---- Share configuration ---- [archive] path = /home/archive comment = Archive create mask = 0664 directory mask = 0775 inherit acls = no browseable = yes read only = no writeable = yes wide links = no ---- Parent directory ACLs ---- # file: . # owner: root # group: Backup\040Operators user::rwx group::--- group:Domain\040Users:r-x group:Backup\040Operators:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:Domain\040Users:r-x default:group:Backup\040Operators:rwx default:mask::rwx default:other::--- ---- File created locally ---- # file: test-local # owner: laurent.p # group: Domain\040Users user::rw- group::--- group:Domain\040Users:r-x #effective:r-- group:Backup\040Operators:rwx #effective:rw- mask::rw- other::--- The file ACL is copied from the parent directory default ACL. This is the desired behavior. ---- File created through Samba with 'inherit acls = no' ---- # file: test-smb-no-inherit # owner: laurent.p # group: Domain\040Users user::rw- group::rw- group:Domain\040Users:r-x group:Backup\040Operators:rwx mask::rwx other::r-- When 'inherit acls' is set to 'no' in smb.conf, The default ACL is used (can be seen from the group:Domain Users and group:Backup Operators), but Samba sets group::rw- and other::r-- ---- File created through Samba with 'inherit acls = yes' ---- # file: test-smb-inherit # owner: laurent.p # group: Domain\040Users user::rwx group::--- group:Domain\040Users:r-x group:Backup\040Operators:rwx mask::rwx other::--- When 'inherit acls' is set to 'yes' in smb.conf, The default ACL is used (can be seen from the group:Domain Users and group:Backup Operators), the permissions on group::--- and other::--- are right, but Samba sets the eXecute bit even though 'create mask' is set to '0664'. The smb.conf manpage states that 'Enabling this option sets the mode to 0777' but doesn't specify if 'create mask' will be honored.
could you please try with current samba v3-0-test and compare the effects? there have been quite some fixes to the acl code recently (and less recently, too) Michael
v3-0-test fixes the problem.