ACL Problem

[Stefan Gohmann]

Hello,

I've got a question about using ACLs.

My share on a linux xfs fielsystem with samba 3.0.10:
[daten1]
    path = /mnt/daten1
    read only = No
    force security mode = 0700
    inherit acls = Yes
    include = /etc/samba/local.conf

User: 
lancia:~# id stefan
uid=2047(stefan) gid=5001(Domain Users) groups=5001(Domain Users)

First I set the ACLs for group "Domain Users":

lancia:~# getfacl /mnt/daten1/test
# file: mnt/daten1/test
# owner: root
# group: root
user::rwx
group::r-x
group:Domain\040Users:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Users:rwx
default:mask::rwx
default:other::r-x

Now I create a new directory:
stefan at lancia:~$ mkdir /mnt/daten1/test/stefan1
stefan at lancia:~$

I remove the ACL for "Domain Users":
lancia:~# setfacl  -x g:Domain\ Users /mnt/daten1/test
lancia:~# getfacl /mnt/daten1/test
getfacl: Removing leading '/' from absolute path names
# file: mnt/daten1/test
# owner: root
# group: root
user::rwx
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Users:rwx
default:mask::rwx
default:other::r-x

lancia:~#

And try to create a new directory:

stefan at lancia:~$ mkdir /mnt/daten1/test/stefan2
mkdir: cannot create directory `/mnt/daten1/test/stefan2': Permission
denied
stefan at lancia:~$

smbcacls shows me that "Domain Users" have full access.

stefan at lancia:~$ smbcacls -U stefan //lancia/daten1 test
Password:
REVISION:1
OWNER:AUTOS+root
GROUP:LANCIA+root
ACL:+Everyone:ALLOWED/3/READ
ACL:AUTOS+root:ALLOWED/0/FULL
ACL:LANCIA+root:ALLOWED/0/READ
ACL:+Creator Owner:ALLOWED/11/FULL
ACL:AUTOS+Domain Users:ALLOWED/11/FULL
ACL:+Creator Group:ALLOWED/11/READ
stefan at lancia:~$

Windows shows me full access for "Domain Users".

Is that a samba bug? 

Greetings
Stefan

-- 
Stefan Gohmann     <gohmann at univention.de>       fon: +49 421 22 232- 0
Entwicklung        Linux for Your Business
Univention GmbH    http://www.univention.de/     fax: +49 421 22 232-99