[Samba] fake_perms and read-only profiles

[Josh Kelley]

I tried using the fake_perms module to set up some read-only profiles 
and couldn't get it to work.  Could someone please point out what I'm 
doing wrong?

I created a copy of my regular [profiles] share with the fake_perms 
module loaded:
[staticprofiles]
    path = /staticprofiles
    invalid users = root
    browseable = yes
    csc policy = disable
    veto oplock files = /prf*.tmp/
    vfs object = fake_perms

I created the staticprofiles directory and a subdirectory for the 
account named "alumni":
mkdir /staticprofiles
mkdir /staticprofiles/alumni
chown alumni:users /staticprofiles/alumni

I set the alumni account to use the staticprofiles share instead of the 
profiles share that everyone else uses:
pdbedit -u alumni -p '\\myserver\staticprofiles'

It's my understanding that under this setup, the alumni account would be 
unable to write to \\myserver\staticprofiles\alumni via Samba but that 
it wouldn't get any errors when it tries to write.  But that's not what 
happens.  If the alumni account has write permissions to the 
/staticprofiles/alumni directory, then it can write to it via Samba.  If 
it doesn't have permissions, then it gets an access denied error when it 
tries to write.

Am I doing something wrong?  Or do I misunderstand what fake_perms is 
supposed to do?

Josh Kelley