Folders created on an SMB share using a Mac – Cascading ACLs

[vampyreapocalyps]

Hi everyone,

This is more of a question than a problem I’m trying to solve, really. Though the answer might help me better explain the issue to our security team.

Our environment has multiple Windows file servers, both 2003 and 2008. If one of these SMB shares is accessed from a Mac and the user creates a folder, will the ACLs on the share that are set to cascade actually cascade to this newly created folder? We’ve had issues in the past where ACLs that are supposedly set to cascade on a shared folder are not present on sub-folders created from Macs.

Next question: if the share resides on a netapp device, do the same rules apply? The Macs are still connecting to these shared folders using the SMB protocol.

All Macs are bound to our 2008 AD domain and use network accounts with local homefolders. The issue seems to happen when one or both of the following things happen:

1. A Mac user copies/creates a folder on a Netapp share and for some reason it doesn’t inherit rights correctly

2. We move the folder from one share on an actual Windows server to the Netapp and it doesn’t take permissions correctly.

Please let me know if you need any other information.

[Author]

Posts