Reproducible bug in 3.0.2a ACL support

Jan Koop ceb at
Thu Apr 15 13:08:52 GMT 2004

Hi list,

this is the situation:

RH AS 3.0 Update 1
Kernel  2.4.21-9.0.1.ELsmp
Samba 3.0.2a
Filesystem: ext3
Mount options: acl,noatime

Role: PDC
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldapi/

Everything works so far. Now the problem:

We have a file "example.doc" which is a word 8 (word 97) file.
The file is owned by "alice", group "users"

getfacl output:
# file: example.doc
# owner: alice
# group: users

alice and bob are in the additional group "word":
[root at smb01 testdir]# id alice
uid=1000(alice) gid=513(users) groups=513(users),1192(word)
[root at smb01 testdir]# id bob
uid=1001(bob) gid=513(users) groups=513(users),1192(word)

Group mapping and such is correctly set up.

Alice can use the file without any problems. Now bob comes along, opens 
the file, changes it and writes to it.
This is what happens to the ACLs/ownership:
Bob takes ownership of the file, alice is placed on the ACL with her old 
rights (rwx) and bob's user write bit is removed.

ACL output after the event:
# file: example.doc
# owner: bob
# group: users

This results in the "write protected" flag being set on the client when 
looking at it in "Properties...", thus enabling the client to only open 
the file read only (as bob that is).

I was able to track down the problem to the combination of Office 97 
running under Windows XP SP1. It does not occur using Office 97 under 
Windows 9x nor using Office XP / Office 2003 under Windows XP SP1.

Office 97 under XP : BUG
Office 97 under 9x : OK
Office XP/2k3 under XP: OK
Office XP/2k3 under 9x : ??? ;D

I haven't tried any Windows 2000 or Office 2000 versions, as well as no 
NT or XP without SP1 Office 97 has SR-2a.
This occurred in a similar setup using XFS w/ ACLs as well.

Excuse my harsh subject, I know it could be a bug in Office 97, but 
buying 150+ Office XP licenses is not possible. And I am almost sure 
that it won't happen when opening a file on a Windows Server.

So my guess is: Office 97 running under XP is trying to do something to 
the NT ACLs it gets from the server. At some point this fails and leaves 
this mess. Maybe Windows servers have some kind of workaround for that, 
but I will look into it later on today when a test setup is up.

I tried a lot forcing the file mode and security mask but it didn't help.

I saw at least two guys stating this problem on this list with no 
solution. I'm not sure if this bug is known or if it even was fixed in 
3.0.3 already.

If think you can help me please feel free to ask me anything you want to 
know, or request more detailed information/traces, even access to a test 

Thanks guys,


More information about the samba-technical mailing list