[Samba] Samba Posix ACL and classical files permissions

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 4 15:18:28 GMT 2006

Hash: SHA1

Albe wrote:
> For example, this is the getfacl under linux:
> # file: Operators
> # owner: albe
> # group: Domain\040Admins
> user::rwx
> user:alessandroc:r-x
> group::r--
> group:SwDevelopers:r-x
> mask::rwx
> other::r--
> default:user::rwx
> default:user:albe:r--
> default:user:alessandroc:r-x
> default:group::r--
> default:group:SwDevelopers:r-x
> default:mask::rwx
> default:other::r--
> If i look at the security properties under windows only 
> the entries directly indicated explicitly in the acl is correctly
> shown, so in this case user "alessandroc" and group "SwDevelopers".
> The others are empty. If i open the advanced panel, it shows me
> user "albe" entry twice, one for the classical posix permissions
> and one for the acl permission. Anyway, under this panel all
> permissions are correctly shown.
> Is this an expected behavior or is there something wrong 
> in my samba installation or configuration file?

This is expected behavior.  The key thing to understand is that
the Windows security GUI only shows permissions in the first tab
if the ACE applies to "This folder, subfolders, & files".
The posix ACE for a user or group is the "This folder" part and
the default ACE for that user or group is the "subfodlers & files"
portion.  However, the default user and group ACE is the
CREATOR OWNER/GROUP.  So you need an additional 'default:user:albe:rwx'
entry to get the "subfolders & files" for the actual owner.

Hope this helps.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"There's an anonymous coward in all of us."               --anonymous
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list