Setting ACLs when creating files from Windows
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Jul 30 14:15:26 GMT 2008
On Fri, Jul 18, 2008 at 02:00:15PM +0200, Corinna Vinschen wrote:
> - Why does legacy_sid_to_uid fail? The user with the above SID has been
> authenticated correctly and is mapped to a unix user:
>
> [2008/07/18 13:12:45, 5] smbd/uid.c:change_to_user(273)
> change_to_user uid=(500,500) gid=(0,11125)
>
> Why is the SID not mapped to that uid?
Good question. We'd need a debug level 10 log of that.
> - I'm looking for a generic solution to this problem from a Windows
> application perspective. Except that the underlying system is
> a Samba share, I heve no further knowledge about the underlying
> system. I don't know which securty is used and I have no idea
> about the SIDs used for UNIX users and groups. I only know the
> SID of my Windows environment.
>
> Is there any chance to have a generic solution, except for ignoring
> file permissions when creating files on Samba?
In theory, creating files with security descriptors should
work fine. However, if you want to create files with
posix-style permissions, one way could be to use the EA path
and pass the permission info along. This would require a
Samba code change however.
> - Last but not least, in the first case, where the descriptor is give
> to NtCreateFile, why is the file not removed even though NtCreateFile
> failed?
That's a Samba bug.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080730/2b1a3d79/attachment.bin
More information about the samba-technical
mailing list