[Samba] Bizarre - How did windows user setfacl for a file??
David C. Rankin
drankinatty at suddenlinkmail.com
Thu Nov 20 08:55:23 GMT 2008
Greg Byshenk wrote:
> On Wed, Nov 12, 2008 at 01:46:45AM -0600, David C. Rankin wrote:
>
>> In 8 years, since 2.02 (I think), I have never seen this behavior out of
>> samba. I run a stand-alone server with WinXP clients. Somehow a legal assistant
>> created (not intentionally mind you) files and directories with ACL attributes set:
>>
>> -rwxrwx---+ 1 cyndy ochiltree 21504 2008-10-28 16:48 AUTHORIZATION -
>> employment.doc*
>> -rwxrwx---+ 1 cyndy ochiltree 12804 2008-10-28 16:48 AUTHORIZATION -
>> employment.pdf*
>> drwxrwx---+ 2 cyndy ochiltree 4096 2008-10-29 16:56 Gregg, Joy/
>> -rwxrwx---+ 1 cyndy ochiltree 44544 2008-10-28 16:32 POA - BG Contingency New.doc*
>> -rwxrwx---+ 1 cyndy ochiltree 48309 2008-10-28 16:31 POA - BG Contingency New.pdf*
>> drwxrwx---+ 2 cyndy ochiltree 4096 2008-10-29 16:51 Roper, Buddy/
>>
>> What in the heck? I found the setfacl --remove-all
>> command that gets rid of this, but I'm still left wondering WTF happened in the
>> first place? Moreover, how do I configure samba to make sure this never happens
>> again? My config is: [...]
>
>
> I'm not sure for exactly how long, but Samba has supported extended ACLs
> for quite some time (if the underlying OS/filesystem has such support).
>
> To ensure that it is not there, you can either a) build samba without
> acl support; or b) disable extended ACLs on the filesystem.
>
> As for why it changed for you, I notice that the default configuration
> is now (for Samba-3.2.4, at least)
>
> --with-acl-support Include ACL support (default=auto)
>
> ... which I believe means that it will build in ACL support if the
> system has it. Perhaps this has changed recently?
>
>
Greg
I suspect you are 100% correct. Some of the legal applications that run on the
server do use ACLs controls. I suspect this has always been the case, but after
3.2.4, they decided to introduce themselves to me ;-)
--
David C. Rankin, J.D.,P.E. |
Rankin Law Firm, PLLC | Countdown for openSuSE 11.1
510 Ochiltree Street | http://counter.opensuse.org/11.1/small
Nacogdoches, Texas 75961 |
Telephone: (936) 715-9333 | openSoftware und SystemEntwicklung
Facsimile: (936) 715-9339 | http://www.opensuse.org/
www.rankinlawfirm.com |
More information about the samba
mailing list