[Samba] POSIX to NT ACL bug
Sergey Zhitomirsky
szh at dgap-gw.mipt.ru
Tue Mar 4 15:26:05 GMT 2003
On Mon, 3 Mar 2003, Brad Sagowitz wrote:
> I JUST got over this problem with help here on the mailing list... what
> version/distro of linux are you running?
>
> Brad Sagowitz
I use samba 2.2.7a downloaded from samba.org
on Suse 8.0
>
>
> Sergey Zhitomirsky wrote:
>
> >Hello
> >recently I set up an XFS share under samba, and played from Win2K
> >with ACL entries of shared files,
> >and noticed that
> > Win2K never shows DENY ACL entries,
> > so for example for an XFS file with acl:
> >
> > # owner: a
> > user::r--
> > group::rwx
> > other::rwx
> >
> > Win2K security tab shows for user "a":
> > Read & exec = <nothing here>
> > Read = Allowed
> > Write = <nothing here>
> >
> > But in fact, POSIX ACL will allow user "a" to read from the file
> > and deny writing or executing the file, as POSIX ACL will not consult any
> > other ACL entries after finding the appropriate user: entry.
> >
> > So the flags shown by Win2K are wrong, and must instead be:
> > Read & exec = Deny
> > Read = Allowed
> > Write = Deny
> >
> > as NT ACL logic supposes, as far as I know(?), that in case of <nothing here>
> > further ACL entries will be consulted, so in this case the NT user supposes
> > that he has "rwx" rights on the file due to the other::rwx rule
> > (-> Everybody, Full Access=Allowed)
> >
> > but when tried to write - receive Permission Denied.
> >
> > So that is a samba bug, as samba must have sent DENY for "write" and
> > "execute" and ALLOW for "read" for this user's file ("user::r--"),
> > but now it just sends ALLOW for "read".
> >
> >
> > I have samba-2.2.7a,
> > ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups
> > --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat
> >
> >
> >Sergey.
> >
> >
> >
> >
>
>
>
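
The mismatch described in this message, as an added example that is not part of the original post and is not Samba code: a simplified POSIX check (no mask or named entries) beside a simplified NT-style ordered ACE check, with the quoted ACL mapped once as ALLOW-only and once with DENY entries. The group name "users", the SID strings and all function names are assumptions made for the illustration.

```python
# Added illustration: simplified permission models, not Samba code.
R, W, X = 4, 2, 1

# The ACL from the message; the owning group name "users" is an assumption.
ACL = {"owner": "a", "user": R, "group_name": "users",
       "group": R | W | X, "other": R | W | X}

def posix_check(acl, user, groups, want):
    """POSIX-style check (no mask or named entries): the first matching
    class, owner then group then other, decides alone."""
    if user == acl["owner"]:
        perms = acl["user"]
    elif acl["group_name"] in groups:
        perms = acl["group"]
    else:
        perms = acl["other"]
    return perms & want == want

def nt_check(aces, sids, want):
    """NT-style check: ACEs are walked in order; a DENY on a still-needed
    bit fails, ALLOWs accumulate until every requested bit is granted."""
    remaining = want
    for kind, sid, mask in aces:
        if sid not in sids:
            continue
        if kind == "DENY" and mask & remaining:
            return False
        if kind == "ALLOW":
            remaining &= ~mask
        if not remaining:
            return True
    return False

def to_nt(acl, with_deny):
    """Map the three POSIX entries to ordered ACEs. With with_deny, each entry
    first denies the bits it lacks that a later entry would grant."""
    entries = [(acl["owner"], acl["user"]), (acl["group_name"], acl["group"]),
               ("Everyone", acl["other"])]
    aces = []
    for i, (sid, perms) in enumerate(entries):
        later = 0
        for _, p in entries[i + 1:]:
            later |= p
        if with_deny and ~perms & later & 7:
            aces.append(("DENY", sid, ~perms & later & 7))
        aces.append(("ALLOW", sid, perms))
    return aces
```

With the ALLOW-only mapping, the NT-style check grants user "a" write access through the Everyone entry while the POSIX check refuses it; with the DENY entries the two checks agree.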