[Samba] POSIX to NT ACL bug
Brad Sagowitz
sagz at sagz.dynip.com
Tue Mar 4 01:54:29 GMT 2003
I JUST got over this problem with help here on the mailing list... what
version/distro of linux are you running?
Brad Sagowitz
Sergey Zhitomirsky wrote:
>Hello
>recently I set up XFS share under samba , and played from Win2K
>with ACL entries of shared files,
>and noticed that
> Win2K never DENY ACL entries ,
> so for example for a XFS file with acl:
>
> # owner: a
> user::r--
> group::rwx
> other::rwx
>
> Win2K security tab shows for user "a":
> Read & exec = <nothing here>
> Read = Allowed
> Write = <nothing here>
>
> But in fact, POSIX ACL will allow user "a" to read from the file
> and deny write or execute the file , as posix acl will not consult any
> other ACL entries, after founding appropriate user: entry.
>
> So, shown by Win2K flags are wrong, and must be instead :
> Read & exec = Deny
> Read = Allowed
> Write = Deny
>
> as NT ACL logic suppose, as far as know(?), that in case <nothing here>
> father ACL entries will be consulted, so in this case NT user suppose
> that he has "rwx" rights on the file due to other::rwx rule
> (-> Everybody, Full Access=Allowed)
>
> but when tried to write - receive Permission Denied.
>
> So that is a samba bug, as samba must have send DENY for "write" and
> "execute" and ALLOW for "read" for this user's file ("user::r--") ,
> but now it just sends ALLOW for "read".
>
>
> I have samba-2.2.7a,
> ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups
> --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat
>
>
>Sergey.
>
>
>
>
More information about the samba
mailing list