[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba

Gerald (Jerry) Carter jerry at samba.org
Mon Feb 28 15:43:04 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Juer Lee wrote:

| 1.       Why Samba always think the owner always
| has 'READ' access right on a file, 'READ and WRITE' access
| rights on a directory? I checked the code of
| posix_acls.c, those bits are OR-ed by default

It was a workaround for some empty nttrans_set_security_descriptor()
requests IIRC.  Mostly had problems with profiles becoming
unusable.

| 2.       Try to create a folder via the Samba
| Win2k client(make sure there are only base permissions
| on it - no any ACLs), right click on the folder and go
| to 'Security' tab, choose the owner in the name table,
| tick some check-boxes in column 'Allow' and
| click 'Apply', you will see two more entries 'CREATOR OWNER'
| and 'CREATOR GROUP' are displayed - I understand this
| is caused  by that the default ACLs are created.
| ut why the default ACLs for the owner is NOT created??
| The default ACLs can only be created when the
| former steps are repeated.

If I understand your question correctly, it is because Samba
only translates the acls as they exist on disk.  You can
setup the default acls from a shell prompt if you like.





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCIzwHIR7qMdg1EfYRAv+BAJ4hWjAvMlVGM8Vp89l3FIQLFBd8ywCfdCE8
qYbhIRHEYjY1oUWVI1Ifaas=
=5jPt
-----END PGP SIGNATURE-----


More information about the samba mailing list