[Samba] Samba creates User-ACL's

Peter Koch samba-list at naev.de
Tue Aug 19 12:05:40 GMT 2003

Dear Readers:

I'm using Samba 2.2.8a with ACL-support and noticed the
following behaviour.

If a MS-word document with owner u1, group g1 and
permissions 660 is edited by user u2 wich belongs to
group g1, the owner of the file will be changed to u2
and an ACL will be created for u1

This is very annoying since
a) we don't need this ACLs (u1, u2, u3 are all members
   of g1)
b) if users are removed from group g1 we don't want
   them to have write-Access to the files. But thea
   still have write-access to some files, namely those
   they have changed

ian our case group g1 contains
all user that should have write-permission to the file
and if one user is removed from group g1 he should no
longer have write permissions.

But after a user has been removed from group g1 he
can still change all files the were changed ba him
at least once.

Here's an example:

-rw-rw----  u1 g1 example.doc

Now example.doc is changed by u2:

-rw-rwxr--+ u2 g1 example.doc

# file: example.doc
# owner: u2
# group: g1
user:u1:rw- #effective:rw-
group::rw-  #effective:rw-

Now example.doc is changed by u3:

-rw-rwxr--+ u3 g1 example.doc

# file: example.doc
# owner: u3
# group: g1
user:u1:rw- #effective:rw-
user:u2:rw- #effective:rw-
group::rw-  #effective:rw-

Any ideas how to prevent this !!



Peter Koch <samba-list at naev.de>

More information about the samba mailing list