[Samba] ACL and delete files

Peter Kruse pk at q-leap.com
Fri Apr 15 15:29:06 GMT 2005


John H Terpstra wrote:
> Please file this as a bug report on https://bugzilla.samba.org if you want 
> this to be dealt with. All Samba bug related issues are dealt with via 
> bugzilla.
> 

The closed bug #2521 looks like related to this, and I was thinking to
reopen it if I can.

	Ptr

> - John T.
> 
> On Friday 15 April 2005 08:59, Peter Kruse wrote:
> 
>>Hello,
>>
>>Here's a way to force the error.  Please try it.
>>To summarize:  Create a file with permission bits set to 470, owned by
>>root.  With setfacl give write permission to a group.  Users in that
>>group will not be able to modify the file when accessing the share
>>from a windows client.  This is true for smbclient as well.
>>Modifying the file under Linux works as expected.
>>
>>Please confirm if you observe the same behaviour.
>>
>>$ ls -l testi2.txt
>>-r--rwx---+ 1 root QLEAP+domänen-benutzer 14 Apr 15 16:40 testi2.txt
>>(Note the file belongs to root but has no write permission)
>>$ getfacl testi2.txt
>># file: testi2.txt
>># owner: root
>># group: QLEAP+dom\303\244nen-benutzer
>>user::r--
>>user:QLEAP+testi2:rwx
>>group::r--
>>group:QLEAP+testgruppe20:rwx
>>mask::rwx
>>other::---
>>$ id
>>uid=10032(QLEAP+testi2) gid=10029(QLEAP+domänen-benutzer)
>>..,10067(QLEAP+testgruppe20),....
>>$ vi testi2.txt
>>(can edit the file)
>>$ smbcacls  -U testi2 //hatest1/admin testgruppe20/testi2.txt
>>creating lame upcase table
>>creating lame lowcase table
>>Password:
>>REVISION:1
>>OWNER:HATEST1+root
>>GROUP:QLEAP+Domänen-Benutzer
>>ACL:HATEST1+root:ALLOWED/0/R
>>ACL:QLEAP+testgruppe20:ALLOWED/0/FULL
>>ACL:QLEAP+Domänen-Benutzer:ALLOWED/0/R
>>ACL:QLEAP+testi2:ALLOWED/0/FULL
>>ACL:+Jeder:ALLOWED/0/
>>$ smbclient  -U testi2 //hatest1/admin
>>creating lame upcase table
>>creating lame lowcase table
>>Password:
>>Domain=[QLEAP] OS=[Unix] Server=[Samba 3.0.13-Debian]
>>smb: \> cd testgruppe20
>>smb: \testgruppe20\> lcd /etc
>>smb: \testgruppe20\> put passwd
>>putting file passwd as \testgruppe20\passwd (1122.9 kb/s) (average
>>1123.0 kb/s)
>>smb: \testgruppe20\> put passwd testi2.txt
>>NT_STATUS_ACCESS_DENIED opening remote file \testgruppe20\testi2.txt
>>smb: \testgruppe20\> q
>>$
>>
>>With this information I hope it is possible to find the bug.
>>
>>Thanks,
>>
>>	Peter
> 
> 



More information about the samba mailing list