[Samba] Samba Posix ACL and classical files permissions

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 4 15:18:28 GMT 2006


Albe wrote:
> For example, this is the getfacl under linux:
> 
> # file: Operators
> # owner: albe
> # group: Domain\040Admins
> user::rwx
> user:alessandroc:r-x
> group::r--
> group:SwDevelopers:r-x
> mask::rwx
> other::r--
> default:user::rwx
> default:user:albe:r--
> default:user:alessandroc:r-x
> default:group::r--
> default:group:SwDevelopers:r-x
> default:mask::rwx
> default:other::r--
> 
> If I look at the security properties under Windows only 
> the entries directly indicated explicitly in the ACL are correctly
> shown, so in this case user "alessandroc" and group "SwDevelopers".
> The others are empty. If I open the advanced panel, it shows me
> user "albe" entry twice, one for the classical posix permissions
> and one for the acl permission. Anyway, under this panel all
> permissions are correctly shown.
> 
> Is this an expected behavior or is there something wrong 
> in my samba installation or configuration file?

This is expected behavior.  The key thing to understand is that
the Windows security GUI only shows permissions in the first tab
if the ACE applies to "This folder, subfolders, & files".
The posix ACE for a user or group is the "This folder" part and
the default ACE for that user or group is the "subfolders & files"
portion.  However, the default user and group ACE is the
CREATOR OWNER/GROUP.  So you need an additional 'default:user:albe:rwx'
entry to get the "subfolders & files" for the actual owner.

Hope this helps.





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"There's an anonymous coward in all of us."               --anonymous
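
As an added example (not part of the original message and not Samba code), the following Python check applies the rule from the reply above to getfacl output and lists the named default entries that are missing for an access entry to cover "This folder, subfolders & files". The function names are hypothetical, mask and other entries are ignored, and treating the owning group the same way as the owner is an assumption drawn from the reply's "CREATOR OWNER/GROUP" remark.

```python
import re
# Constructed input: the getfacl output quoted in the message above.
SAMPLE = r"""# file: Operators
# owner: albe
# group: Domain\040Admins
user::rwx
user:alessandroc:r-x
group::r--
group:SwDevelopers:r-x
mask::rwx
other::r--
default:user::rwx
default:user:albe:r--
default:user:alessandroc:r-x
default:group::r--
default:group:SwDevelopers:r-x
default:mask::rwx
default:other::r--
"""

def unescape(s):
    # getfacl writes spaces and other special characters as \ooo octal
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)

def parse(text):
    meta, access, default = {}, {}, {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            m = re.match(r"# (owner|group): (.+)", line)
            if m:
                meta[m.group(1)] = unescape(m.group(2))
            continue
        parts = line.split(":")
        is_default = parts[0] == "default"
        tag, name, perms = parts[1:4] if is_default else parts[:3]
        if tag in ("user", "group"):  # mask and other are out of scope here
            (default if is_default else access)[(tag, unescape(name))] = perms[:3]
    return meta["owner"], meta["group"], access, default

def missing_defaults(text):
    """Named default entries needed to match each access entry."""
    owner, group, access, default = parse(text)
    needed = []
    for (tag, name), perms in access.items():
        # default:user:: / default:group:: map to CREATOR OWNER/GROUP (per the reply)
        who = name or (owner if tag == "user" else group)
        if default.get((tag, who)) != perms:
            needed.append(f"default:{tag}:{who}:{perms}")
    return needed
```

For the quoted ACL, `missing_defaults(SAMPLE)` reports the `default:user:albe:rwx` entry named in the reply, plus the equivalent entry for the owning group.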