Problem with "nt acl support" when saving Excel or Word Files

Michael Steffens michael.steffens at
Wed Feb 12 07:32:52 GMT 2003

Hi Jeff,

Jeff Mandel wrote:
> I found this is office 2000 v 9.3821 SR1 (not the latest)
> We are trying to load the latest office update to see if that fixes it 
> first. Is anybody experiencing this with samba later than 9.4402 SR1 or 
> on the latest version, whatever that is?

Would also prefer to find W2k or Office 2000 guilty (would be less work
for us), but having the vague feeling that it isn't.

Last weekend I could *very* partially fix the problem for W2k, when
"force group" is in effect.

Found in log that uid_entry_in_group() in smbd/posix_acls.c unsuccessfully
tried to lookup the current UID in the enforced group. I added a test
for exactly that configuration, and the revokation of owner write permissions

But, I do not really understand why it did, and it breaks on every other
configuration. And with "force group" ACLs are only half of the fun :)

Furthermore, ACLs of NT4 and WinXP clients end up incorrectly, too.
Previous owner and group permissions don't get transferred to the new
file. You can end up with the previous writer getting permissions
revoked, as the file's group changes to the GID of the last writer
(with NT4 and W2k, but not with WinXP).

On the other hand, in debug level 10, create_canon_ace_lists() always logs
that clients attempt to apply the corresponding allow ACEs. This part does
work correctly for W2k clients, however.


More information about the samba-technical mailing list