smbcacls domain sid issue
Björn Baumbach
bb at sernet.de
Thu Feb 17 18:13:12 UTC 2022
Hey,
I think I've detected a bug.
First of all I place a file "file" as Administrator on a share which uses
the acl_xattr vfs module.
# testparm -s --section-name=xattr
[xattr]
path = /share
printing = cups
read only = No
vfs objects = acl_xattr
The ACLs look like this:
# samba-tool ntacl get file --as-sddl --service=xattr --use-ntvfs
O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)
When I now use the smbcacls tool to set the ACLs again:
# smbcacls --sddl -S="O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)" -UAdministrator%Passw0rd //dm3.temp.test/xattr
the SDDL ACL looks like this:
# samba-tool ntacl get file --as-sddl --service=xattr --use-ntvfs
O:S-1-5-21-3367907150-2849503042-2089288414-500G:S-1-5-21-3367907150-2849503042-2089288414-513D:(A;;0x001200a9;;;WD)(A;;0x001f01ff;;;S-1-5-21-3367907150-2849503042-2089288414-500)(A;;0x001200a9;;;S-1-5-21-3367907150-2849503042-2089288414-513)
It seems that the local SID (instead of the domain SID) is wrongly used here:
# net getdomainsid
SID for local machine DM3 is: S-1-5-21-3367907150-2849503042-2089288414
SID for domain TEMP is: S-1-5-21-4063336984-1021020757-935970304
What do you think? I'm not sure what the source of the issue is. I've
verified that setting the ACL in the SDDL format via "samba-tool ntacl
set ..." works fine, so it might be an issue with the smbcacls tool:
# samba-tool ntacl set 'O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)' file --service=xattr
# samba-tool ntacl get file --as-sddl --service=xattr --use-ntvfs
O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)
Best regards,
Björn
--
SerNet GmbH - Bahnhofsallee 1b - 37081 Goettingen
phone: +49.551.370000.0 - web: https://sernet.com
http://www.sernet.com - mailto:contact at sernet.com
AG Goettingen HRB2816, CEO: J.Loxen, CFO: R. Jung
data privacy policy https://www.sernet.de/privacy
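
Added example, not part of the original message and not Samba code: a small Python check for the symptom reported above. It lists the owner, group and ACE trustees of an SDDL string and reports those whose SID sits under the local machine SID rather than the domain SID. The function names are hypothetical, the sample strings are copied from the message, and only basic (non-conditional) ACEs are handled.

```python
import re

SID = r"S-1(?:-\d+)+"
TRUSTEE = rf"(?:{SID}|[A-Z]{{2}})"  # explicit SID or two-letter SDDL alias

# Sample data copied from the message above.
GETDOMAINSID = """\
SID for local machine DM3 is: S-1-5-21-3367907150-2849503042-2089288414
SID for domain TEMP is: S-1-5-21-4063336984-1021020757-935970304
"""
BEFORE = "O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)"
AFTER = ("O:S-1-5-21-3367907150-2849503042-2089288414-500"
         "G:S-1-5-21-3367907150-2849503042-2089288414-513"
         "D:(A;;0x001200a9;;;WD)"
         "(A;;0x001f01ff;;;S-1-5-21-3367907150-2849503042-2089288414-500)"
         "(A;;0x001200a9;;;S-1-5-21-3367907150-2849503042-2089288414-513)")

def parse_getdomainsid(text):
    """Return (machine_sid, domain_sid) from `net getdomainsid` output."""
    machine = re.search(rf"SID for local machine \S+ is: ({SID})", text)
    domain = re.search(rf"SID for domain \S+ is: ({SID})", text)
    return machine.group(1), domain.group(1)

def trustees(sddl):
    """Return (role, trustee) pairs for the owner, the group and every ACE."""
    head = re.match(rf"(?:O:({TRUSTEE}))?(?:G:({TRUSTEE}))?", sddl)
    found = [(r, t) for r, t in zip(("owner", "group"), head.groups()) if t]
    for ace in re.findall(r"\(([^)]*)\)", sddl):
        fields = ace.split(";")  # type;flags;rights;guid;inherit_guid;trustee
        if len(fields) >= 6:
            found.append(("ace", fields[5]))
    return found

def resolved_against_machine(sddl, machine_sid, domain_sid):
    """Trustees stored as SIDs under the machine SID, not the domain SID."""
    # Where both SIDs are identical nothing is reported.
    return [(role, t) for role, t in trustees(sddl)
            if t.startswith(machine_sid + "-")
            and not t.startswith(domain_sid + "-")]

if __name__ == "__main__":
    machine_sid, domain_sid = parse_getdomainsid(GETDOMAINSID)
    for label, sddl in (("before smbcacls", BEFORE), ("after smbcacls", AFTER)):
        hits = resolved_against_machine(sddl, machine_sid, domain_sid)
        print(f"{label}: {len(hits)} trustee(s) under the machine SID")
        for role, sid in hits:
            print(f"  {role}: {sid}")
```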