[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba

Juer Lee juer.lee at plasmon.ie
Tue Mar 1 01:55:02 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Juer Lee wrote:

| 1.       Why Samba always think the owner always
| has 'READ' access right on a file, 'READ and WRITE' access
| rights on a directory? I checked the code of
| posix_acls.c, those bits are OR-ed by default

|| It was a workaround for some empty nttrans_set_security_descriptor()
|| requests IIRC.  Mostly had problems with profiles becoming
|| unusable.

[Juer] Thanks.

| 2.       Try to create a folder via the Samba
| Win2k client(make sure there are only base permissions
| on it - no any ACLs), right click on the folder and go
| to 'Security' tab, choose the owner in the name table,
| tick some check-boxes in column 'Allow' and
| click 'Apply', you will see two more entries 'CREATOR OWNER'
| and 'CREATOR GROUP' are displayed - I understand this
| is caused  by that the default ACLs are created.
| ut why the default ACLs for the owner is NOT created??
| The default ACLs can only be created when the
| former steps are repeated.

|| If I understand your question correctly, it is because Samba
|| only translates the acls as they exist on disk.  You can
|| setup the default acls from a shell prompt if you like.

[Juer] This seems not true. I am able to setup the default ACLs from the
Samba client directly. The only issue is: In Properties->Security of the
folder, if I try to set the permission for the owner, say I ticked all
check-boxes, after I click on apply, only the ACLs for 'Creator Owner',
'Creator Group' and 'Other' applied to all subfolders and files only are
added. (This can be checked via Properties->Security->Advanced. This is not
what I have expected, I need to add an default ACL with the user name as the
owner which will be applied to all subfolders and files. --- I can get my
goal when I repeat the former steps. This time, the default ACL with the
user name as the owner which will be applied to all subfolders and files are
created.



cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCIzwHIR7qMdg1EfYRAv+BAJ4hWjAvMlVGM8Vp89l3FIQLFBd8ywCfdCE8
qYbhIRHEYjY1oUWVI1Ifaas=
=5jPt
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list