[Samba] POSIX to NT ACL bug

Sergey Zhitomirsky szh at dgap-gw.mipt.ru
Tue Mar 4 15:26:05 GMT 2003




On Mon, 3 Mar 2003, Brad Sagowitz wrote:

> I JUST got over this problem with help here on the mailing list... what 
> version/distro of linux are you running?
> 
> Brad Sagowitz

   I use samba 2.2.7a downloaded from samba.org
   on Suse 8.0 
 
> 
> 
> Sergey Zhitomirsky wrote:
> 
> >Hello,
> >recently I set up an XFS share under Samba, and played from Win2K
> >with ACL entries of shared files,
> >and noticed that
> > Win2K never  DENY  ACL entries , 
> > so for example for a XFS file with acl: 
> >
> > # owner: a
> > user::r--
> > group::rwx
> > other::rwx
> > 
> >  Win2K security tab  shows for user "a": 
> >   Read & exec = <nothing here>
> >   Read        = Allowed
> >   Write       = <nothing here>
> >
> > But in fact, POSIX ACL will allow user "a" to read from the file
> > and deny write or execute on the file, as POSIX ACL will not consult any
> > other ACL entries after finding the appropriate user: entry.
> > 
> >  So, the flags shown by Win2K are wrong, and must instead be:
> >   Read & exec = Deny
> >   Read        = Allowed
> >   Write       = Deny
> >
> >  as NT ACL logic supposes, as far as I know(?), that in the case of <nothing here>
> >  further ACL entries will be consulted, so in this case the NT user supposes
> >  that he has "rwx" rights on the file due to the other::rwx rule
> >  (-> Everybody, Full Access=Allowed)
> >
> >  but on trying to write, receives Permission Denied.
> >
> >  So that is a Samba bug, as Samba must send DENY for "write" and
> >  "execute" and ALLOW for "read" for this user's file ("user::r--"),
> >  but now it just sends ALLOW for "read".
> >
> >
> > I have samba-2.2.7a, 
> > ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups 
> >          --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat 
> >
> >
> >Sergey.
> >
> >
> >  
> >
> 
> 
> 
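The mismatch described in the quoted report, as an added example that is not part of the original post and is not Samba code: a simplified model of first-match POSIX evaluation next to ordered NT ACE evaluation for the file with `user::r--`, `group::rwx`, `other::rwx`. Assumptions: the owning group name `users`, the helper names, and the omission of named-user and mask entries are constructed for illustration; `map_with_deny` covers only the owner entry the post discusses.

```python
# Added illustration: simplified model, not Samba's mapping code.
R, W, X = 4, 2, 1
ALL = R | W | X

# The file from the post; the owning group name "users" is constructed.
ACL = {"owner": "a", "owning_group": "users", "user": R, "group": ALL, "other": ALL}

def posix_check(acl, user, groups, want):
    """POSIX: the first matching class decides; later entries are never consulted."""
    if user == acl["owner"]:
        return acl["user"] & want == want
    if acl["owning_group"] in groups:
        return acl["group"] & want == want
    return acl["other"] & want == want

def nt_check(aces, user, groups, want):
    """NT: walk ACEs in order; ALLOWs accumulate, a matching DENY ends the walk."""
    sids = {user, "Everyone", *groups}
    remaining = want
    for kind, trustee, mask in aces:
        if trustee not in sids:
            continue
        if kind == "DENY" and mask & remaining:
            return False
        if kind == "ALLOW":
            remaining &= ~mask
        if remaining == 0:
            return True
    return False  # no ACE granted the bits still outstanding

def map_allow_only(acl):
    """Behaviour the post reports: one ALLOW ACE per POSIX entry, no DENY ACEs."""
    return [("ALLOW", acl["owner"], acl["user"]),
            ("ALLOW", acl["owning_group"], acl["group"]),
            ("ALLOW", "Everyone", acl["other"])]

def map_with_deny(acl):
    """The post's proposal: DENY the bits user:: withholds, ahead of the ALLOWs."""
    denied = ALL & ~acl["user"]
    deny = [("DENY", acl["owner"], denied)] if denied else []
    return deny + map_allow_only(acl)

def mismatches(acl, aces, user, groups):
    """Rights on which the NT view and the POSIX decision disagree."""
    return [name for name, bit in (("read", R), ("write", W), ("execute", X))
            if posix_check(acl, user, groups, bit) != nt_check(aces, user, groups, bit)]

if __name__ == "__main__":
    for label, mapper in (("allow-only", map_allow_only), ("with-deny", map_with_deny)):
        print(label, mismatches(ACL, mapper(ACL), "a", {"users"}))
```
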


