[Samba] Solaris ACLs + Linux ACLS - Files Becoming Read Only

Bolke de Bruin bdbruin at aub.nl
Mon Mar 21 09:10:24 GMT 2005

Samba 3.0.11 + acl (ext3)

I have to second this, but actually we are seeing the same problem with 
Linux ACLs (ext3) and Office 97. Further investigation showed that 
although the ACLs seem to be inherited (e.g. the group has write access) 
they do not seem to be honoured with regard to the user. Let me give an 
example to clarify:

2 users: y,x
belong to group: mygroup

user x creates a file: A
user y modifies file A
user x cannot modify file A anymore

Permissions for user X are being set to read-only.

Note: In our case the user (X) is actually able to change the 
permissions and to write to the file again.

It would be greatly appreciated if someone knows a solution to this problem.


Bolke de Bruin

Solaris ACLs - Files Becoming Read Only


Since we have upgraded to Microsoft Office 2003 from Microsoft Office 
2000 we have had problems with files becoming Read Only.


We have read-only and write groups which have access to files. We 
control access using both the Samba configuration file and file system 
ACLs. This gives our users the flexibility to access files via NFS, FTP or 
Samba. We have had no problems until upgrading to Microsoft Office 2003 
on our client devices. Rolling back to Microsoft Office 2000 is 
unfortunately not an option.

When more than one user accesses a document using either Microsoft Word 
2003 or Microsoft Excel 2003 Samba will change permissions on the file 
and also modify the underlying ACL. The access does NOT have to be 
concurrent. One user can finish working with the file and another user 
can attempt to edit the file and cause it to become read-only.

System Information:

Operating System - Solaris 9 (sparc)
Samba Version - 3.08

Samba has been compiled with ACL support.

Abridged Samba Configuration:

       kernel oplocks = No
       create mask = 0770
       oplocks = No
       level2 oplocks = No

       valid users = @"readgroup",@"writegroup"
       read list = @"readgroup"
       write list = @"writegroup"
       force group = "readgroup"
       create mask = 0740
       force create mode = 0740
       inherit permissions = yes
       inherit acls = yes

Solaris ACL Configuration

The following is the ACL information on a file.

group::---              #effective:---
group:readgroup:r-x            #effective:r-x
group:writegroup:rwx           #effective:rwx

Standard Unix permissions on this file appear as

-rwx------+  (the + symbolises that the file has ACLs set)

The following is the resulting file permissions and ACLs on an AFFECTED 

user:username:rwx         #effective:rwx
group::r-x              #effective:r-x
group:writegroup:rwx           #effective:rwx


What's Been Tried

We have tried enabling and disabling OpLocks without success.

We have also tried to disable ACLs on the file system and use standard 
UNIX permissions. This DOES stop files from becoming read only, but only 
provides the required access when accessing the file system via Samba. 
We need to continue using ACLs as Samba is not the only method used to 
access files.

Any ideas on how we may solve this problem would be greatly appreciated.
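
To see exactly which entries differ between the two ACL listings quoted in the message above, the listings can be diffed mechanically. This is an added example, not part of the original post; it uses the two listings as they appear there, and the names `parse_acl` and `diff_acl` are hypothetical.

```python
import re

# ACL listings copied from the post above (abridged there as well).
BEFORE = """\
group::---              #effective:---
group:readgroup:r-x            #effective:r-x
group:writegroup:rwx           #effective:rwx
"""
AFTER = """\
user:username:rwx         #effective:rwx
group::r-x              #effective:r-x
group:writegroup:rwx           #effective:rwx
"""

# tag, optional qualifier, permission bits; a trailing "#effective:" comment is ignored
ENTRY = re.compile(r"^(user|group|other|mask)(?::([^:]*))?:([r-][w-][x-])\s*(?:#.*)?$")

def parse_acl(text):
    """Map (tag, qualifier) -> permission string for each ACL entry line."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and getfacl header comments
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unrecognised ACL line: {line!r}")
        tag, qualifier, perms = m.groups()
        acl[(tag, qualifier or "")] = perms
    return acl

def diff_acl(before, after):
    """Return sorted (change, entry, old_perms, new_perms) tuples."""
    old, new = parse_acl(before), parse_acl(after)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        entry = ":".join(key)
        if key not in new:
            changes.append(("removed", entry, old[key], None))
        elif key not in old:
            changes.append(("added", entry, None, new[key]))
        elif old[key] != new[key]:
            changes.append(("changed", entry, old[key], new[key]))
    return changes

if __name__ == "__main__":
    for change in diff_acl(BEFORE, AFTER):
        print(*change)
```

On the listings quoted in the post it reports that the owning group entry changed from `---` to `r-x`, that `group:readgroup` was removed, and that `user:username` was added.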

