Problem with linux permissions mapped to WinNT rights

John Trostel jtrostel at connex.com
Mon Apr 23 17:46:24 GMT 2001 

On 23-Apr-2001 Olaf Fr±czyk wrote:
> Hi,
> I noticed something strange with mapping ACLs to WinNT rights.
> samba 2.2.0 from RH rpm, no acl support, kernel 2.4.3 without ACL support,
> WinNT 4.0 Workstation ServicePack 6a Polish:
> Step 1: give all permisions to user,group,world eg. chmod 777 testfile
> Step 2: look at permisions from WinNT: looks good, user,group and everyone
> have rwx access.
> Step 3: Remove from WinNT all (rwx) access for Everyone
> Step 4: Close window in WinNT
> Step 5: Check permissions, you will get:
> linux: rights for file: r--------, from WinNT: user:R,group:O,
> everyone:O. O=take ownership (translated from polish).
> So, why, when I change permissions for everyone, also permissions for
> group, and owner gets changed!?

As I mentioned before, this is 'expected' behavior for Samba

Now, though, I have my newly recompiled kernel.

> Similiar behaviour is when I remove all rights for group.
> 
> Exactly the same behaviour for the above cases I have for:
> samba --with-acl-support, and kernel with XFS ACLs. Additionally,
> when removing access for everyone, or for group, all other users added
> to ACL, also lost their rights.

On XFS share, with SGI/XFS/2.4.3 kernel built from this mornings CVS:

When I set an additional user to have read access and then remove the
permissions for 'Everyone', the 'normal' perms on the Linux side show:

-rwxrwx---      1       jt      jt      1_1

(the 'other' perms are '0' now)

on the NT side, Everyone shows a 'O', Samba's equivalent of a '0'(zero).

The chacl -l output on the Linux side shows:

1_1 [o::---,u:new user:r-x,g::rwx,u::rwx,m::rwx]

So, the 'other' perms are still off, the additional user 'new user' is still
there and the permissions for the standard (owner) user and group are preserved.

> Everything is good, if when removing all rights for Everyone or for group
> I set the 'O' right for them in WinNT. 

Samba is setting these for me with my setup.
 
> And one more thing, when ACL support enabled, I can't change permissions
> on files which are on file system without ACL support:
> xfs - I can change permissions,
> ext2 - I can't change (I can, when I don't enable ACL support)


Ok... let me restart my samba and aim it to an ext2 partition.
hmmm.... yes, I am seeing the same problem.  I had a file called 'jts_test.txt'
created under Samba.  It got initial permissions -rwxr--r-- and owner 'jt',
group 'jt' when created by Samba.

I get an 'access denied' error when I try to delete the file.

I can delete the file by hand on the Linux side.

The problem stems from the sys_acl_init function.  This function is called
within 'set_canon_ace_list' in smbd/posix_acls.c.  It assumes that the call to
sys_acl_init will return a NULL acl and the error ENOSUP when attempted on a
file system without acl support. Unfortunately, the posix standard only
specifies one input parameter to the acl_init() function, the count.  The
acl_init function merely initializes a working space for the acls in user space
and returns. There doesn't really seem to be any place in the function to query
the filesystem.  If I add in a little bit of code to posix_acls.c in the
set_canon_ace_list function after the sys_acl_init call to try and get an
ACCESS acl on the file, it properly fails on an ext2 filesystem and then Samba
works again.  That is, it can get and set normal unix acls on ext2 and can get
and set valid XFS acls on the XFS filesystem.

I'll look at my patch a little more and then send it in for persusal.
> Regards,
> 
> Olaf Fraczyk, <olaf at cbk.poznan.pl>

-- 
John M. Trostel
Linux OS Engineer
Connex
jtrostel at connex.com

More information about the samba-technical mailing list