In a samba share with vfs_acl_tdb or vfs_acl_xattr, ACL inheritance cannot be disabled if the ACLs on the current object are identical to the ACLs of the parent object. If they are different from the ACLs of the parent object, inheritance _can_ be disabled. To reproduce the bug: - Create a samba share and configure it with vfs objects = acl_xattr or vfs objects = acl_tdb - From a Windows client, create a folder in this share - Right click on it, select properties - Go to the security tab - Click advanced - The "Inherit ACLs" checkbox is checked - Uncheck "Inherit ACLs" checkbox - Answer "Copy" to the popup with the question about what to do with the permission entries (from choices Copy|Remove|Cancel) --> The "Inherit ACLs" checkbox is now unchecked - Click "Apply" --> The "Inherit ACLs" checkbox is now checked again This is a copy/fork of a bug report for the same bug on samba4: https://bugzilla.samba.org/show_bug.cgi?id=6917 , created by Jeremy's request.
This problem also exists in 3.6.0pre1.
I'm sorry to say it but the jumbo-acl patch (from http://www.samba.org/~vlendec/jumbo-patch-3-5-6.diff) does not fix the issue.
And neither do the patches from http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz If I can do anything else to assist, please let me know!
Thanks for your persistence on this. I've fixed the problem and will attach a patch for 3.5.7. This patch must be applied on top of the jumbo patch from bug: https://bugzilla.samba.org/show_bug.cgi?id=7716 Jeremy.
Created attachment 6083 [details] git-am fix for 3.5.7. Note - this fix must be applied on top of the ACL jumbo patch in bug 7716: https://bugzilla.samba.org/attachment.cgi?id=6073&action=edit Jeremy.
Hi Jeremy, The jumbo-acl patch from bug 7716 along with your patch in this bug fix the issue! Yay! Early Christmas this year :) This was tested on 3.5.6, 64-bit, for both vfs_acl_xattr and vfs_acl_tdb. Thanks a lot! roel
Comment on attachment 6083 [details] git-am fix for 3.5.7. Looks right
Pushed to v3-5-test. Closing out bug report. Thanks!