[Samba] Samba Posix ACL and classical files permissions

Albe k3rmit at libero.it
Wed Jan 4 16:46:34 GMT 2006 

Thank you very much.

I think though that this is very misleading for the casual windows user 
and the behavior should be as much as possible pertinent or understandable.

My 2 cents.

Best regards


albe



Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Albe wrote:
>   
>> For example, this is the getfacl under linux:
>>
>> # file: Operators
>> # owner: albe
>> # group: Domain\040Admins
>> user::rwx
>> user:alessandroc:r-x
>> group::r--
>> group:SwDevelopers:r-x
>> mask::rwx
>> other::r--
>> default:user::rwx
>> default:user:albe:r--
>> default:user:alessandroc:r-x
>> default:group::r--
>> default:group:SwDevelopers:r-x
>> default:mask::rwx
>> default:other::r--
>>
>> If i look at the security properties under windows only 
>> the entries directly indicated explicitly in the acl is correctly
>> shown, so in this case user "alessandroc" and group "SwDevelopers".
>> The others are empty. If i open the advanced panel, it shows me
>> user "albe" entry twice, one for the classical posix permissions
>> and one for the acl permission. Anyway, under this panel all
>> permissions are correctly shown.
>>
>> Is this an expected behavior or is there something wrong 
>> in my samba installation or configuration file?
>>     
>
> This is expected behavior.  The key thing to understand is that
> the Windows security GUI only shows permissions in the first tab
> if the ACE applies to "This folder, subfolders, & files".
> The posix ACE for a user or group is the "This folder" part and
> the default ACE for that user or group is the "subfodlers & files"
> portion.  However, the default user and group ACE is the
> CREATOR OWNER/GROUP.  So you need an additional 'default:user:albe:rwx'
> entry to get the "subfolders & files" for the actual owner.
>
> Hope this helps.
>
>
>
>
>
> cheers, jerry
> =====================================================================
> Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "There's an anonymous coward in all of us."               --anonymous
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDu+dDIR7qMdg1EfYRAnyoAJoDyt75UryjivGh3xZccQkNM2osAwCgmHzI
> kP0YGdcQhwtq6TyBKFpDkcA=
> =pVDc
> -----END PGP SIGNATURE-----
> .
>
>

More information about the samba mailing list