[Samba] Problem with ACLs/Samba-3.0.0-beta1

José Luis Tallón jltallon at adv-solutions.net
Wed Jul 9 13:00:18 GMT 2003

I have installed Samba-3.0 beta1 and accomplished a migration from an W2k 
mixed mode DC.
Except for some trouble with winbind, with i solved by hacking a bit in the 
LDAP directory ( manually assigning UIDs and GIDs ), everything is fine now.

Thanks Samba Team for a good work, keep improving ;)

A couple of weeks ago i asked about ACL support, and was answered that 
"full control" was given by an RWX entry in ACLs.
Today, while changing permissions on a file, we have verified that the 
capability of giving permission to others over a file is restricted to that 
file's owner ( i was told otherwise ).

System:	Debian GNU/Linux 3.0 "Woody" + some packages from SID
Kernel:	Linux-2.4.21 + LVM1.0.7 + xfs1.2
Samba:	Samba-3.0.0.beta1-2 from Debian's 'unstable'
LDAP:		OpenLDAP-2.1.21 from Debian's 'unstable'
Additional info:	setfacl and getfacl work properly, changing permissions 
from windows' "Security" Tab works provided the user changing them is the 
object's owner.

Question 1:
	How can I make some user have "full control" over a directory or a file ( 
from the Windows side, if possible ) ?
	I can just chown from the Linux side and let the user do things, but that 
user won't be able to delegate full control to another user without my 
intervention :-|

Question 2:
	Is there any workaround for this? Plans to implement it ?

Any information on this would be much appreciated.

I was told there was a patch for Samba-2.2.x that implemented full NT 
semantics for Samba, but it has not been ported to Samba-3 (yet?).

Thanks in advance.


More information about the samba mailing list