[Samba] ACL and delete files

John H Terpstra jht at Samba.Org
Fri Apr 15 15:21:22 GMT 2005 

Please file this as a bug report on https://bugzilla.samba.org if you want 
this to be dealt with. All Samba bug related issues are dealt with via 
bugzilla.

- John T.

On Friday 15 April 2005 08:59, Peter Kruse wrote:
> Hello,
>
> Here's a way to force the error.  Please try it.
> To summarize:  Create a file with permission bits set to 470, owned by
> root.  With setfacl give write permission to a group.  Users in that
> group will not be able to modify the file when accessing the share
> from a windows client.  This is true for smbclient as well.
> Modifying the file under Linux works as expected.
>
> Please confirm if you observe the same behaviour.
>
> $ ls -l testi2.txt
> -r--rwx---+ 1 root QLEAP+domänen-benutzer 14 Apr 15 16:40 testi2.txt
> (Note the file belongs to root but has no write permission)
> $ getfacl testi2.txt
> # file: testi2.txt
> # owner: root
> # group: QLEAP+dom\303\244nen-benutzer
> user::r--
> user:QLEAP+testi2:rwx
> group::r--
> group:QLEAP+testgruppe20:rwx
> mask::rwx
> other::---
> $ id
> uid=10032(QLEAP+testi2) gid=10029(QLEAP+domänen-benutzer)
> ..,10067(QLEAP+testgruppe20),....
> $ vi testi2.txt
> (can edit the file)
> $ smbcacls  -U testi2 //hatest1/admin testgruppe20/testi2.txt
> creating lame upcase table
> creating lame lowcase table
> Password:
> REVISION:1
> OWNER:HATEST1+root
> GROUP:QLEAP+Domänen-Benutzer
> ACL:HATEST1+root:ALLOWED/0/R
> ACL:QLEAP+testgruppe20:ALLOWED/0/FULL
> ACL:QLEAP+Domänen-Benutzer:ALLOWED/0/R
> ACL:QLEAP+testi2:ALLOWED/0/FULL
> ACL:+Jeder:ALLOWED/0/
> $ smbclient  -U testi2 //hatest1/admin
> creating lame upcase table
> creating lame lowcase table
> Password:
> Domain=[QLEAP] OS=[Unix] Server=[Samba 3.0.13-Debian]
> smb: \> cd testgruppe20
> smb: \testgruppe20\> lcd /etc
> smb: \testgruppe20\> put passwd
> putting file passwd as \testgruppe20\passwd (1122.9 kb/s) (average
> 1123.0 kb/s)
> smb: \testgruppe20\> put passwd testi2.txt
> NT_STATUS_ACCESS_DENIED opening remote file \testgruppe20\testi2.txt
> smb: \testgruppe20\> q
> $
>
> With this information I hope it is possible to find the bug.
>
> Thanks,
>
> 	Peter

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list