[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba

Juer Lee juer.lee at plasmon.ie
Tue Mar 1 01:55:02 GMT 2005

Hash: SHA1

Juer Lee wrote:

| 1.       Why Samba always think the owner always
| has 'READ' access right on a file, 'READ and WRITE' access
| rights on a directory? I checked the code of
| posix_acls.c, those bits are OR-ed by default

|| It was a workaround for some empty nttrans_set_security_descriptor()
|| requests IIRC.  Mostly had problems with profiles becoming
|| unusable.

[Juer] Thanks.

| 2.       Try to create a folder via the Samba
| Win2k client(make sure there are only base permissions
| on it - no any ACLs), right click on the folder and go
| to 'Security' tab, choose the owner in the name table,
| tick some check-boxes in column 'Allow' and
| click 'Apply', you will see two more entries 'CREATOR OWNER'
| and 'CREATOR GROUP' are displayed - I understand this
| is caused  by that the default ACLs are created.
| ut why the default ACLs for the owner is NOT created??
| The default ACLs can only be created when the
| former steps are repeated.

|| If I understand your question correctly, it is because Samba
|| only translates the acls as they exist on disk.  You can
|| setup the default acls from a shell prompt if you like.

[Juer] This seems not true. I am able to setup the default ACLs from the
Samba client directly. The only issue is: In Properties->Security of the
folder, if I try to set the permission for the owner, say I ticked all
check-boxes, after I click on apply, only the ACLs for 'Creator Owner',
'Creator Group' and 'Other' applied to all subfolders and files only are
added. (This can be checked via Properties->Security->Advanced. This is not
what I have expected, I need to add an default ACL with the user name as the
owner which will be applied to all subfolders and files. --- I can get my
goal when I repeat the former steps. This time, the default ACL with the
user name as the owner which will be applied to all subfolders and files are

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list