minor ACL issues SAMBA_2_2, Solaris 8
Michael Gerdts
Michael.Gerdts at usa.alcatel.com
Tue Jul 3 17:20:29 GMT 2001
I have found two issues with ACL's on Solaris 8: "no permission" gets
translated into "take ownership" and group names are not always enuermated.
There is a chance that they are just limitations of NT or UNIX.
Group name enumeration
======================
When both a unix group and a unix user exist with the same name, the
"Add Users and Groups" dialogue does not display the group as a workstation
group. Removing the user allows the group to be listed in the "Add Users
and Groups" dialogue.
Perhaps this is a limitation of the NT ACLs...
Take ownership
==============
This may be desired behavior, but I have not seen documentation on how
ACL's are supposed to work. If there is some documentation that has been
started or exists within comments, whatever, I would be willing to put a
bit of time in to get it into a format suitable for inclusion in the docs
directory.
-r-------- 1 mgerdts cns 0 Jul 3 11:01 400-mgerdts-cns
On NT 4, (WTS, Citrix) reports it as:
[group] server\cns Special Access (O)
[user] server\mgerdts Special Access (R)
[global] Everyone Speical Access (O)
I guess I would expect:
[group] server\cns No Access (None)
[user] server\mgerdts Special Access (R)
[global] Everyone No Access (None)
Using the permissions dialogue, I am able to change it to look like I
expect above, but when I view it next time it reverts. (I suspect that
this is a limitation in the interaction between UNIX and NT. Presumably
the most harmless way to present the group and other bits is by using the
take ownership bit set, as
Mike
More information about the samba-technical
mailing list