New files and folders do not inherit owner and group when SetUID and SetGID bits are set on NFS shares

Source: Microsoft Support

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Consider the following scenario -

• You are running Server for NFS and exporting directories over NFS
• SetUID and/or SetGID bit is set on these directories and these NFS shares are mounted on Linux clients

When a new file or a folder is created on the Linux client, it does not inherit the owner/group set on the parent folder.

The owner/group is not inherited by the files and subdirectories in NFS shares because Server for NFS does not implement the SetUID/SetGID semantics and it expects the NFS clients to take care of this aspect.

The same scenario, however, works with Solaris NFS clients because it takes care of propagating the owner/group of the parent folder on the newly created files and directories if the SetUID and SetGID bit is set on the NFS share.

Ace Inheritance can be used to achieve the same results with Microsoft Services for NFS.

The KeepInheritance setting can be enabled to provide the ability to configure the inherited access control entries (ACEs) on newly created files and directories in NFS mounted directories.

By default, the value of the KeepInheritance entry is 0, which means that newly created files and directories on NFS shares will not inherit ACEs from their parent directory. However, you want to be able to read and write every file and directory created in a hierarchy, you should set this value to 1 and set an inheritable read/write ACE at the root of the hierarchy.

For additional information about ACE Inheritance in Windows Service for UNIX and how to enable to that, click the article number below to view the article in Microsoft Knowledge Base -

     321049 (http://support.microsoft.com/default.aspx?scid=kb;en-us;321049) ACE Inheritance in Windows Services for UNIX

Note In this scenario, swapping the server to a Linux NFS server and client to Windows system running Client for NFS, results will remain same as mentioned in the cause section since Client for NFS also expects that the NFS server will set the owner/group of the parent folder on the newly created files and folder if SetUID/SetGID is set on the parent folder.

 

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.