[Samba] ACL and delete files
Peter Kruse
pk at q-leap.com
Fri Apr 15 14:59:59 GMT 2005
Hello,
Here's a way to force the error. Please try it.
To summarize: Create a file with permission bits set to 470, owned by
root. With setfacl give write permission to a group. Users in that
group will not be able to modify the file when accessing the share
from a windows client. This is true for smbclient as well.
Modifying the file under Linux works as expected.
Please confirm if you observe the same behaviour.
$ ls -l testi2.txt
-r--rwx---+ 1 root QLEAP+domänen-benutzer 14 Apr 15 16:40 testi2.txt
(Note the file belongs to root but has no write permission)
$ getfacl testi2.txt
# file: testi2.txt
# owner: root
# group: QLEAP+dom\303\244nen-benutzer
user::r--
user:QLEAP+testi2:rwx
group::r--
group:QLEAP+testgruppe20:rwx
mask::rwx
other::---
$ id
uid=10032(QLEAP+testi2) gid=10029(QLEAP+domänen-benutzer)
...,10067(QLEAP+testgruppe20),...
$ vi testi2.txt
(can edit the file)
$ smbcacls -U testi2 //hatest1/admin testgruppe20/testi2.txt
creating lame upcase table
creating lame lowcase table
Password:
REVISION:1
OWNER:HATEST1+root
GROUP:QLEAP+Domänen-Benutzer
ACL:HATEST1+root:ALLOWED/0/R
ACL:QLEAP+testgruppe20:ALLOWED/0/FULL
ACL:QLEAP+Domänen-Benutzer:ALLOWED/0/R
ACL:QLEAP+testi2:ALLOWED/0/FULL
ACL:+Jeder:ALLOWED/0/
$ smbclient -U testi2 //hatest1/admin
creating lame upcase table
creating lame lowcase table
Password:
Domain=[QLEAP] OS=[Unix] Server=[Samba 3.0.13-Debian]
smb: \> cd testgruppe20
smb: \testgruppe20\> lcd /etc
smb: \testgruppe20\> put passwd
putting file passwd as \testgruppe20\passwd (1122.9 kb/s) (average
1123.0 kb/s)
smb: \testgruppe20\> put passwd testi2.txt
NT_STATUS_ACCESS_DENIED opening remote file \testgruppe20\testi2.txt
smb: \testgruppe20\> q
$
With this information I hope it is possible to find the bug.
Thanks,
Peter
More information about the samba
mailing list