[Samba] Solaris ACLs + Linux ACLS - Files Becoming Read Only
Bolke de Bruin
bdbruin at aub.nl
Mon Mar 21 09:10:24 GMT 2005
Samba 3.0.11 + acl (ext3)
-------------------------
I have to second this, but actually we are seeing the same problem with
Linux ACLS (ext3) and Office 97. Further investigation showed that
although the acls seem to be inherited (eg the group has write access)
the do not seem to be honoured with regard to the user. Let me give an
example to clarify:
2 users: y,x
belogn to group: mygroup
user x creates a file: A
user y modifies file A
user x cannot modify file A anymore
Permissions for user X are being set to read-only.
Note: In our case the user (X) is actually able to change the
permissions and to write to the file again.
It would greatly appreciated if someone know a solution to this problem.
regards,
Bolke de Bruin
Solaris ACLs - Files Becoming Read Only
---------------------------------------
Problem:
--------
Since we have upgraded to Microsoft Office 2003 from Microsoft Office
2000 we have had problems with files becoming Read Only.
Background:
-----------
We have read-only and write groups which have access to files. We
control access using both the Samba configuration file and file system
ACLs. This give our users the flexibilty to access files via NFS, FTP or
Samba. We have had no problems until upgrading to Microsoft Office 2003
on our client devices. Rolling back to Microsoft Office 2000 is
unfortunately not an option.
When more than one users accesses a document using either Microsoft Word
2003 or Microsoft Excel 2003 Samba will change permissions on the file
and also modify the underlying ACL. The access does NOT have to be
concurrent. One user can finish working with the file and another user
can attempt to edit the file and cause it to become read-only.
System Information:
-------------------
Operating System - Solaris 9 (sparc)
Samba Version - 3.08
Samba has been compiled with ACL support.
Abridged Samba Configuration:
-----------------------------
[global]
kernel oplocks = No
create mask = 0770
oplocks = No
level2 oplocks = No
[sharename]
valid users = @"readgroup",@"writegroup"
read list = @"readgroup"
write list = @"writegroup"
force group = "readgroup"
create mask = 0740
force create mode = 0740
inherit permissions = yes
inherit acls = yes
Solaris ACL Configuration
-------------------------
The following is the ACL information on a file.
user::rwx
group::--- #effective:---
group:readgroup:r-x #effective:r-x
group:writegroup:rwx #effective:rwx
mask:rwx
other:---
Standard Unix permissions on this file appear as
-rwx------+ (the + symbolises that the file has ACLs set)
The following is the resulting file permissions and ACLs on an AFFECTED
FILE.
user::r-x
user:username:rwx #effective:rwx
group::r-x #effective:r-x
group:writegroup:rwx #effective:rwx
mask:rwx
other:---
-r-xr-x---+
Whats Been Tried
----------------
We have tried enabling and disabling OpLocks without success.
We have also tried to disable ACLs on the file system and use standard
UNIX permissions. This DOES stop files from becoming read only, but only
provides the required access when accessing the file system via Samba.
We need to continue using ACLs as Samba is not the only method used to
access files.
Any ideas on how we may solve this problem would be greatly appreciated.
Thanks,
Damien
More information about the samba
mailing list