samba NT ACL support problem?

Chris Tracy ctracy at students.engr.scu.edu
Tue Oct 23 23:30:03 GMT 2001


	Recently, a problem developed in storing IE5's Temporary Internet
Files on our samba exported network scratch space.  In tracking it down, I
found that the Win2k client attempts to set the ACL of the file
"Content.IE5/index.dat".  However, the this call ends up setting the mode
of index.dat to 0407 (-r-----rwx), thus making the file unmodifiable to
the user who created it.  (This in turn causes IE to drop back to using
c:\winnt\temporary internet files for it's cache)

	The interesting log output is:

[2001/10/23 20:07:04, 3] smbd/dosmode.c:unix_mode(113)
  unix_mode(iecache/user/Content.IE5/index.dat) returning 0644
[2001/10/23 20:07:04, 3] smbd/posix_acls.c:set_nt_acl(2158)
  set_nt_acl: chmod iecache/user/Content.IE5/index.dat. perms = 0407.
[2001/10/23 20:07:04, 5] smbd/nttrans.c:call_nt_transact_create(1457)
  call_nt_transact_create: open name = iecache/user/Content.IE5/index.dat

	The truly strange thing is that nothing has changed on the samba
server.  In addition, there have been no changes made (to my knowledge) to
any of our workstations.  (The problem now occurs on all of our 70+ win2k
clients, with SP2 and with no service packs)  This setup has worked
correctly for over a year with win2k clients.  I've combed through deja,
google, and all of the samba mailing list archives but found nothing.

	I've tested and recieve the same results on both samba-2.2.1
(linux) and samba-2.2.2 (solaris), while the file is stored correctly on
the local NTFS partition and an NT4 server hosted share.

	FYI the cacls output of the samba hosted file is:

Content.IE5\index.dat <Account Domain not found>(special access:)
				WRITE_OWNER
			<Account Domain not found>(special access:)
                                READ_CONTROL
				SYNCHRONIZE
                                FILE_GENERIC_READ
                                FILE_READ_DATA
				FILE_READ_EA
                                FILE_READ_ATTRIBUTES

                                Everyone:F

	while the cacls output of the NT4 hosted file is:

K:\Content.IE5\index.dat Everyone:(special access:)
                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_READ
                                  FILE_GENERIC_WRITE
                                  FILE_GENERIC_EXECUTE
                                  FILE_READ_DATA
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_READ_EA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_READ_ATTRIBUTES
                                  FILE_WRITE_ATTRIBUTES

                         BUILTIN\Administrators:F
                         NT AUTHORITY\SYSTEM:F

	Anyone seen this before or have any ideas what might be causing
it?  (I've tried with "nt acl support" both on and off)

	Thanks,

	Chris

---------------------------------
Chris Tracy
System/Network Administrator
Engineering Design Center
Santa Clara University
"Wherever you go, there you are."





More information about the samba mailing list