Setting ACLs when creating files from Windows

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jul 30 14:15:26 GMT 2008

On Fri, Jul 18, 2008 at 02:00:15PM +0200, Corinna Vinschen wrote:
> - Why does legacy_sid_to_uid fail?  The user with the above SID has been
>   authenticated correctly and is mapped to a unix user:
>   [2008/07/18 13:12:45, 5] smbd/uid.c:change_to_user(273)
>     change_to_user uid=(500,500) gid=(0,11125)
>   Why is the SID not mapped to that uid?

Good question. We'd need a debug level 10 log of that.

> - I'm looking for a generic solution to this problem from a Windows
>   application perspective.  Except that the underlying system is
>   a Samba share, I heve no further knowledge about the underlying
>   system.  I don't know which securty is used and I have no idea
>   about the SIDs used for UNIX users and groups.  I only know the
>   SID of my Windows environment.
>   Is there any chance to have a generic solution, except for ignoring
>   file permissions when creating files on Samba?

In theory, creating files with security descriptors should
work fine. However, if you want to create files with
posix-style permissions, one way could be to use the EA path
and pass the permission info along. This would require a
Samba code change however.

> - Last but not least, in the first case, where the descriptor is give
>   to NtCreateFile, why is the file not removed even though NtCreateFile
>   failed?

That's a Samba bug.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list