[Samba] Solaris ACLs - Files Becoming Read Only

Damien Harrod damien.harrod at manukau.ac.nz
Sun Mar 20 06:26:37 GMT 2005 

Solaris ACLs - Files Becoming Read Only
---------------------------------------

Problem:
--------

Since we have upgraded to Microsoft Office 2003 from Microsoft Office 2000 
we have had problems with files becoming Read Only.


Background:
-----------

We have read-only and write groups which have access to files. We control 
access using both the Samba configuration file and file system ACLs. This 
give our users the flexibilty to access files via NFS, FTP or Samba. We have 
had no problems until upgrading to Microsoft Office 2003 on our client 
devices. Rolling back to Microsoft Office 2000 is unfortunately not an 
option.

When more than one users accesses a document using either Microsoft Word 
2003 or Microsoft Excel 2003 Samba will change permissions on the file and 
also modify the underlying ACL. The access does NOT have to be concurrent. 
One user can finish working with the file and another user can attempt to 
edit the file and cause it to become read-only.


System Information:
-------------------

Operating System - Solaris 9 (sparc)
Samba Version - 3.08

Samba has been compiled with ACL support.


Abridged Samba Configuration:
-----------------------------

[global]
        kernel oplocks = No
        create mask = 0770
        oplocks = No
        level2 oplocks = No

[sharename]
        valid users = @"readgroup",@"writegroup"
        read list = @"readgroup"
        write list = @"writegroup"
        force group = "readgroup"
        create mask = 0740
        force create mode = 0740
        inherit permissions = yes
        inherit acls = yes


Solaris ACL Configuration
-------------------------

The following is the ACL information on a file.

 user::rwx
 group::---              #effective:---
 group:readgroup:r-x            #effective:r-x
 group:writegroup:rwx           #effective:rwx
 mask:rwx
 other:---


Standard Unix permissions on this file appear as

 -rwx------+  (the + symbolises that the file has ACLs set)

The following is the resulting file permissions and ACLs on an AFFECTED 
FILE.

 user::r-x
 user:username:rwx         #effective:rwx
 group::r-x              #effective:r-x
 group:writegroup:rwx           #effective:rwx
 mask:rwx
 other:---

 -r-xr-x---+


Whats Been Tried
----------------

We have tried enabling and disabling OpLocks without success.

We have also tried to disable ACLs on the file system and use standard UNIX 
permissions. This DOES stop files from becoming read only, but only provides 
the required access when accessing the file system via Samba. We need to 
continue using ACLs as Samba is not the only method used to access files.

Any ideas on how we may solve this problem would be greatly appreciated.

Thanks,
Damien

More information about the samba mailing list