[Samba] Problem with Excel on a share with ACLs

Martin Konold martin.konold at erfrakon.de
Mon Sep 20 06:39:47 GMT 2004 

Hi,

I am experiencing the problem as described in 
http://us1.samba.org/samba/docs/man/Samba-Guide/kerberos.html#id2562652

Unfortunately the remedy/workaround as described there does not work in the 
more general case of ACLs.

Problem description:
- User A owns file F. 
- User B has rw access to F via a user ACL
- Group G has rw access to F via a group ACL
- User B edits the excel file F
- User B saves file F.
- File F gets stored with user B being the owner and with read-only 
permissions (this behaviour is specific to samba/excel and does not happen 
with a W2K server)
- Due the concept of effective ACLs the file cannot be modified by user A 
anymore even though that user A belongs to the supplementary group B which has 
rw access

The initial problem is that Samba 3 behaves differently from a W2K server. In 
contrast to Samba 3 Windows does keep the ownership when a file is edited 
even though technically Excel does an intermediate copy. 

I am aware of the fact that Samba 3 is nothing more than a plain user process 
running with the credentials of the connected user. So when creating a new 
file the ownership must be the user and therefore cannot be preserved.

But with traditional unix:
- User B edits the file F which is owned by user A 
- User B is granted rw access via group permissions 
- The ownership, group and access mode is _preserved

So the question remains if it is possible to preserve the ACLs when editing a 
file with Excel? 

Somehow a Windows server does not really create a new intermediate file which 
is then renamed to the original filename. 

It looks to me that instead of 
- create new file intermediate file
- delete original file by renaming new file

it would be better if samba would do the following
- create new file intermediate file
- "cat" contents of the intermediate file on the _existing_ file

This would imho allow to preserver the ownership and the ACLs.

In order to establish understanding I repeat myself using pseudo shell 
commands.

Current Samba behavior:
- echo "data" > intermediate_file # user B is storing the file
- mv intermediate_file original_file # user B is now the owner of the file

Proposed Samba behavior:
- echo "data" > intermediate_file
- cat intermediate_file > original_file # contents of intermediate file 
      # is  propagated to the original file
      # without loosing ownership and without
      # changes to the ACLs


Anyone else has the same problem and knows about a remedy which works in 
environments with _many_ users sharing files in complex manners?

Yours,
-- martin

Dipl.-Phys. Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de

More information about the samba mailing list