Rename is allowed after setting ACL

[VigneshDhanraj G]

Jeremy,

Windows is not allowing to rename if write permission is denied.
Please let me know why samba allows renaming when acl is enabled.


Thanks
Vigneshdhanraj G


On Tue, Sep 27, 2016 at 12:13 AM, Jeremy Allison <jra at samba.org> wrote:

> On Mon, Sep 26, 2016 at 04:00:09PM +0530, VigneshDhanraj G wrote:
> > Is there any update on this rename issue.?
>
> What rename issue ? As far as I can see as Richard
> pointed out below, Samba conforms to Windows behavior.
>
> >
> > On Tue, Sep 20, 2016 at 8:59 PM, VigneshDhanraj G <
> > vigneshdhanraj.g at gmail.com> wrote:
> >
> > > So are you asking me about the permission of /home/dhanraj/folder1..?,
> > > where my file is /home/dhanraj/folder1/Picture.png..?
> > >
> > > In my case, the user has permission for the share "folder1" .
> > >
> > > getfacl: Removing leading '/' from absolute path names
> > > # file: /home/dhanraj/folder1
> > > # owner: nobody
> > > # group: users
> > > user::rwx
> > > group::rwx
> > > other::rwx
> > >
> > > Regards,
> > > Vigneshdhanraj G
> > >
> > >
> > >
> > > On Tue, Sep 20, 2016 at 8:47 PM, Richard Sharpe <
> > > realrichardsharpe at gmail.com> wrote:
> > >
> > >> On Tue, Sep 20, 2016 at 12:08 AM, VigneshDhanraj G
> > >> <vigneshdhanraj.g at gmail.com> wrote:
> > >> > In Windows, if i denied the permissions i am not able to rename.
> > >> >
> > >> > getfacl output for cifs share-
> > >> >
> > >> > getfacl /home/dhanraj/Picture.png
> > >> >
> > >> > # file: home/dhanraj/Picture.png
> > >> > # owner: nobody
> > >> > # group: users
> > >> > user::rw-
> > >> > user:nobody:rw-
> > >> > user:vignesh:---
> > >> > group::rw-
> > >> > group:users:rw-
> > >> > mask::rwx
> > >> > other::rw-
> > >> >
> > >> > I denied permission for the user 'vignesh'  but still able to
> rename the
> > >> > file 'Picture.png'.
> > >> > Whereis in 4.0.9 renaming itself is denied for above set permission.
> > >>
> > >> Sure. What you are saying is that Samba now conforms to correct
> > >> Windows behavior with regard to rename.
> > >>
> > >> Under NTFS, rename is like a delete followed by an add of the new
> > >> name. To delete you either need Delete Child on the parent or delete
> > >> on the object. To add a new name you need Add on the parent.
> > >>
> > >> You haven't shown us the permissions on the parent, which are the
> > >> relevant thing for this operation, since Posix ACLs do not, AFAIK,
> > >> have an equivalent to delete permission. You need WRITE on the parent
> > >> to do that.
> > >>
> > >> Regards
> > >> --
> > >> Richard Sharpe
> > >> (何以解憂？唯有杜康。--曹操)
> > >>
> > >
> > >
>