Directory within SMB share default permissions

Hi @MocE,

You are correct that POSIX clients will generally try to write with fairly open permissions and if you change the client umask setting so that it doesn't strip write access, then generally, files created by such clients will also have open permissions. You have also noted that Windows clients generally don't behave the same. In fact, it's very common to see Windows clients coded in such a way that the routine that opens/creates the file (the WIN32 CreateFile() routine) isn't even passed any permissions and it uses a default ACL.

If you would like files created below a particular folder to gain additional permissions, the usual way to achieve this in the Windows world is to add inheritable ACEs to the ACL of the parent directory. For instance, you could add the following inheritable ACEs to the parent:

creator_owner allow generic_all,object_inherit,container_inherit,inherit_only
creator_group allow generic_all,object_inherit,container_inherit,inherit_only,
"Domain Users" allow generic_read,object_inherit,container_inherit

When a new file is created under that directory/folder, it will have full rights for the user who created it and for anybody in their primary group, and it will have read access for the "Domain Users" group. If you want to give full access to all users, you can use "everyone" as the trustee (the name/group you're giving the rights to).

You can do this on cluster using the chmod command (see `man chmod`) or you can do it from Windows provided the permissions already allow management from Windows (e.g. members of the "Domain Admins" group have full control).

Tim