[Samba] Bizarre - How did windows user setfacl for a file??

David C. Rankin drankinatty at suddenlinkmail.com
Thu Nov 20 08:55:23 GMT 2008 

Greg Byshenk wrote:
> On Wed, Nov 12, 2008 at 01:46:45AM -0600, David C. Rankin wrote:
>  
>> 	In 8 years, since 2.02 (I think), I have never seen this behavior out of
>> samba. I run a stand-alone server with WinXP clients. Somehow a legal assistant
>> created (not intentionally mind you) files and directories with ACL attributes set:
>>
>> -rwxrwx---+ 1 cyndy ochiltree 21504 2008-10-28 16:48 AUTHORIZATION -
>> employment.doc*
>> -rwxrwx---+ 1 cyndy ochiltree 12804 2008-10-28 16:48 AUTHORIZATION -
>> employment.pdf*
>> drwxrwx---+ 2 cyndy ochiltree  4096 2008-10-29 16:56 Gregg, Joy/
>> -rwxrwx---+ 1 cyndy ochiltree 44544 2008-10-28 16:32 POA - BG Contingency New.doc*
>> -rwxrwx---+ 1 cyndy ochiltree 48309 2008-10-28 16:31 POA - BG Contingency New.pdf*
>> drwxrwx---+ 2 cyndy ochiltree  4096 2008-10-29 16:51 Roper, Buddy/
>>
>> 	What in the heck? I found the setfacl --remove-all
>> command that gets rid of this, but I'm still left wondering WTF happened in the
>> first place? Moreover, how do I configure samba to make sure this never happens
>> again? My config is: [...]
> 
> 
> I'm not sure for exactly how long, but Samba has supported extended ACLs
> for quite some time (if the underlying OS/filesystem has such support).
> 
> To ensure that it is not there, you can either a) build samba without
> acl support; or b) disable extended ACLs on the filesystem.
> 
> As for why it changed for you, I notice that the default configuration
> is now (for Samba-3.2.4, at least)
> 
>    --with-acl-support      Include ACL support (default=auto)
> 
> ... which I believe means that it will build in ACL support if the 
> system has it.  Perhaps this has changed recently?
> 
> 

Greg

I suspect you are 100% correct. Some of the legal applications that run on the
server do use ACLs controls. I suspect this has always been the case, but after
3.2.4, they decided to introduce themselves to me ;-)

-- 
David C. Rankin, J.D.,P.E.      |
Rankin Law Firm, PLLC           |             Countdown for openSuSE 11.1
510 Ochiltree Street            |        http://counter.opensuse.org/11.1/small
Nacogdoches, Texas 75961        |
Telephone: (936) 715-9333       |          openSoftware und SystemEntwicklung
Facsimile: (936) 715-9339       |              http://www.opensuse.org/
www.rankinlawfirm.com           |

More information about the samba mailing list