In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
primary group owner of a file or directory to modify the permissions and ACLs
on that file.
On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in
that group to modify the permissions on it. This allows the delegation of security controls
on a point in the filesystem to the group owner of a directory and anything below it also owned
by that group. This means there are multiple people with permissions to modify ACLs on a file
or directory, easing managability.
This parameter allows Samba to also permit delegation of the control over a point in the exported
directory hierarchy in much the same was as Windows. This allows all members of a UNIX group to
control the permissions on a file or directory they have group ownership on.
This parameter is best used with the option and also
on on a share containing directories with the UNIX setgid bit bit set
on them, which causes new files and directories created within it to inherit the group
ownership from the containing directory.
This is a new parameter introduced in Samba 3.0.20.
This can be particularly useful to allow groups to manage their own security on a part
of the filesystem they have group ownership of, removing the bottleneck of having only
the user owner or superuser able to reset permissions.
inherit owner
inherit permissions
no