The standard UNIX user/group/world triplet and the corresponding
execute permissions triplets are mapped by Samba into a three-element NT ACL with the
“r”, “w”, and “x” bits mapped into the corresponding NT
permissions. The UNIX world permissions are mapped into the global NT group
by the list of permissions allowed for the UNIX world. The UNIX owner and group permissions are displayed as an NT
user icon and an NT local group icon, respectively, followed by the list
of permissions allowed for the UNIX user and group.
Because many UNIX permission sets do not map into common NT names such as
full control, usually the permissions will be prefixed
by the words
Special Access in the NT display list.
But what happens if the file has no permissions allowed for a particular UNIX user group or world component?
In order to allow
to be seen and modified, Samba then overloads the NT
Take Ownership ACL attribute (which has no meaning in UNIX) and reports a component with
no permissions as having the NT
bit set. This was chosen, of course, to make it look
like a zero, meaning zero permissions. More details on the decision behind this action are given below.
Directories on an NT NTFS file system have two different sets of permissions. The first set is the ACL set on the
directory itself, which is usually displayed in the first set of parentheses in the normal
NT style. This first set of permissions is created by Samba in exactly the same way as normal file permissions are, described
above, and is displayed in the same way.
The second set of directory permissions has no real meaning in the UNIX permissions world and represents the
inherited permissions that any file created within this directory would inherit.
Samba synthesizes these inherited permissions for NT by returning as an NT ACL the UNIX permission mode that a new file
created by Samba on this share would receive.