Rename is allowed after setting ACL

Uri Simchoni uri at samba.org
Wed Sep 28 08:05:43 UTC 2016 

On 09/28/2016 10:27 AM, VigneshDhanraj G wrote:
> Hi Jeremy,
> 
> Let me explain my doubt clearly.
> 
> I am using samba 4.3 version where as you said “acl” is enabled by default.
> I have few shares in my Linux machine.
> 
> Now I try to access my Linux share from a windows 7 machine via CIFS.
> I could get the listing of all the files in my share.
> 
> I tried to change the permission of a particular file for a particular user.
> Actually I denied read-write permission for that file for the user.
> 
> But when I try to login with that user, I could not read/write to the file.
> But it allows me to rename the file alone.
> 
> In my previous discussions in this forum, I heard this permission concept
> goes by Windows behavior.
> 
> So I did a try of doing the same settings which I have described above to
> one of my Windows share.
> Now when I tried to login with the user and when I tried to access the file
> from another Windows machine,
> in addition to read-write, rename is also denied giving a error pop-up
> saying “You don’t have permission to
> perform this action”.
> 
> If samba acl behavior goes by that of windows then how come samba allows
> rename whereas windows does not.
> 
> Hope you understand and please let me know if any further info is needed.
> 
> Thanks
> Vigneshdhanraj G
> 
> On Tue, Sep 27, 2016 at 10:04 PM, Jeremy Allison <jra at samba.org> wrote:
> 
>> On Tue, Sep 27, 2016 at 07:32:03PM +0530, VigneshDhanraj G wrote:
>>> Jeremy,
>>>
>>> Windows is not allowing to rename if write permission is denied.
>>> Please let me know why samba allows renaming when acl is enabled.
>>
>> You are not being at all clear I'm afraid. Please explain
>> exactly the difference in behavior between Windows and Samba.
>>
>> "if write permission is denied" tells us nothing. Write
>> permission is denied on what object ?
>>
>> "when acl is enabled" - ACLs are always enabled. What
>> does this mean ?
>>
>> You see my problem ?
>>
Please provide the output of the following commands, run from your
client command window:

cacls <parent folder> /S
cacls <parent folder>\<file that can be renamed> /S

Then repeat it on the Windows share.

So we're looking for 4 commands and their output. Hopefully that will
provide an explanation, although we're not showing the process token
which is another piece of the puzzle.

Thanks,
Uri.

More information about the samba-technical mailing list