Have new Microsoft Server 2012 network with about 45 pre-existing Mac OS X Mavericks machines.
Macs are connecting via SMB 1 (we had to turn off SMB 2 on the Windows servers).
Macs are NOT bound to Active Directory.
"Employees" group has Full Control access to network share "Projects" - propagated from the top level down through inheritance. Domain "administrators" group has ownership of all files / folders in the share.
When a Mac user edits/renames a file, then saves it, the following happens:
The file "thinks" it's still inheriting, yet permissions change to: user logged in from Mac gets "full control", "users" gets read-only ("users" wasn't even in the previous permissions list), "administrators" maintain full control.
Ownership of the file is changed to the user name logged in from the Mac.
Other users (obviously) are unable to make changes to the file.
We can "repair" the permissions but the very next edit breaks them again.
We've thought of just removing "Full Control" from the "Employees" group (we know it's bad practice anyway but have allowed it lately in other environments due to some apps not working right without full control).
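
To see how far the drift described above has spread, the share can be audited for files whose owner has changed or that carry explicit (non-inherited) ACEs. This is an added example and not part of the original post; the UNC path and expected owner are placeholder assumptions to replace with the real values.

```powershell
# Added example: list items under a share whose ACL no longer matches the
# expected "everything inherited, owned by administrators" state.
# $SharePath and $ExpectedOwner are placeholders (assumptions), not values from the post.
param(
    [string]$SharePath     = '\\SERVER\Projects',       # placeholder UNC path
    [string]$ExpectedOwner = 'BUILTIN\Administrators'   # placeholder owner name
)

Get-ChildItem -LiteralPath $SharePath -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            return   # unreadable item: skip it and continue with the next one
        }

        # Explicit ACEs on the item itself are the symptom described: entries
        # for the editing user and "Users" that did not come from the parent.
        $explicit     = @($acl.Access | Where-Object { -not $_.IsInherited })
        $ownerChanged = $acl.Owner -ne $ExpectedOwner

        if ($ownerChanged -or $explicit.Count -gt 0) {
            [pscustomobject]@{
                Path               = $item.FullName
                Owner              = $acl.Owner
                # False here matches "the file thinks it's still inheriting".
                InheritanceBlocked = $acl.AreAccessRulesProtected
                ExplicitAces       = ($explicit | ForEach-Object {
                    '{0}:{1}:{2}' -f $_.IdentityReference,
                                     $_.AccessControlType,
                                     $_.FileSystemRights
                }) -join '; '
            }
        }
    }
```

Piping the output to Export-Csv gives a list to compare before and after a "repair", which shows whether a given Mac edit reintroduced the explicit entries.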