minor ACL issues SAMBA_2_2, Solaris 8

Michael Gerdts Michael.Gerdts at usa.alcatel.com
Tue Jul 3 17:20:29 GMT 2001

I have found two issues with ACL's on Solaris 8:  "no permission" gets
translated into "take ownership" and group names are not always enuermated.
There is a chance that they are just limitations of NT or UNIX.

Group name enumeration

When both a unix group and a unix user exist with the same name, the
"Add Users and Groups" dialogue does not display the group as a workstation
group.  Removing the user allows the group to be listed in the "Add Users
and Groups" dialogue.

Perhaps this is a limitation of the NT ACLs...

Take ownership

This may be desired behavior, but I have not seen documentation on how
ACL's are supposed to work.  If there is some documentation that has been
started or exists within comments, whatever, I would be willing to put a
bit of time in to get it into a format suitable for inclusion in the docs

-r--------   1 mgerdts  cns            0 Jul  3 11:01 400-mgerdts-cns

On NT 4, (WTS, Citrix) reports it as:

  [group]  server\cns		Special Access (O)
  [user]   server\mgerdts	Special Access (R)
  [global] Everyone		Speical Access (O)

I guess I would expect:

  [group]  server\cns		No Access (None)
  [user]   server\mgerdts	Special Access (R)
  [global] Everyone		No Access (None)

Using the permissions dialogue, I am able to change it to look like I
expect above, but when I view it next time it reverts.  (I suspect that
this is a limitation in the interaction between UNIX and NT.  Presumably
the most harmless way to present the group and other bits is by using the
take ownership bit set, as 


More information about the samba-technical mailing list