Reproducible bug in 3.0.2a ACL support
Jan Koop
ceb at cbct.de
Thu Apr 15 13:08:52 GMT 2004
Hi list,
this is the situation:
Basics:
RH AS 3.0 Update 1
Kernel 2.4.21-9.0.1.ELsmp
Samba 3.0.2a
Filesystem: ext3
Mount options: acl,noatime
Config:
Role: PDC
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldapi/
Everything works so far. Now the problem:
We have a file "example.doc" which is a word 8 (word 97) file.
The file is owned by "alice", group "users"
getfacl output:
# file: example.doc
# owner: alice
# group: users
user::rwx
group::r-x
group:word:rwx
mask::rwx
other::---
alice and bob are in the additional group "word":
[root at smb01 testdir]# id alice
uid=1000(alice) gid=513(users) groups=513(users),1192(word)
[root at smb01 testdir]# id bob
uid=1001(bob) gid=513(users) groups=513(users),1192(word)
Group mapping and such is correctly set up.
Alice can use the file without any problems. Now bob comes along, opens
the file, changes it and writes to it.
This is what happens to the ACLs/ownership:
Bob takes ownership of the file, alice is placed on the ACL with her old
rights (rwx) and bob's user write bit is removed.
ACL output after the event:
# file: example.doc
# owner: bob
# group: users
user::r-x
user:alice:rwx
group::rwx
group:word:rwx
mask::rwx
other::---
This results in the "write protected" flag being set on the client when
looking at it in "Properties...", thus enabling the client to only open
the file read only (as bob that is).
I was able to track down the problem to the combination of Office 97
running under Windows XP SP1. It does not occur using Office 97 under
Windows 9x nor using Office XP / Office 2003 under Windows XP SP1.
Overview:
Office 97 under XP : BUG
Office 97 under 9x : OK
Office XP/2k3 under XP: OK
Office XP/2k3 under 9x : ??? ;D
I haven't tried any Windows 2000 or Office 2000 versions, as well as no
NT or XP without SP1 Office 97 has SR-2a.
This occurred in a similar setup using XFS w/ ACLs as well.
Excuse my harsh subject, I know it could be a bug in Office 97, but
buying 150+ Office XP licenses is not possible. And I am almost sure
that it won't happen when opening a file on a Windows Server.
So my guess is: Office 97 running under XP is trying to do something to
the NT ACLs it gets from the server. At some point this fails and leaves
this mess. Maybe Windows servers have some kind of workaround for that,
but I will look into it later on today when a test setup is up.
I tried a lot forcing the file mode and security mask but it didn't help.
I saw at least two guys stating this problem on this list with no
solution. I'm not sure if this bug is known or if it even was fixed in
3.0.3 already.
If think you can help me please feel free to ask me anything you want to
know, or request more detailed information/traces, even access to a test
setup.
Thanks guys,
Jan
More information about the samba-technical
mailing list