[Samba] Unexpected behaviour with ACL GROUP CONTROL

Roger Lucas roger at planbit.co.uk
Sun May 14 21:21:20 GMT 2006


I am running 3.0.22, with ACLs on an EXT3 file system.  The system is
"Debian stable" but has been upgraded to the 2.6.16.9 kernel.

I am setting up SAMBA share with Windows 2003 AD and would like any Windows
user to be able to change the ACL for a file or folder if they are a member
of a group that has write access to the file or folder in question.  On
first inspection it looked like the "ACL GROUP CONTROL" feature that arrived
in 3.0.22 would help to solve this.

What I found was that if I set the "ACL GROUP CONTROL = TRUE" setting in
SMB.CONF, then any user could change the ACL for a file/folder if they were
a member of the primary GID of the file/folder even if that primary GID did
not have write access.

I checked the code in "source/smbd/posix_acls.c" and as far as I can tell it
only checks that the user is a member of the group that the file has as its
primary GID but it doesn't check that the primary GID also has write access
to the file.  You could, for example, have a "0700" set of UNIX access flags
and a user who was a member of the primary GID could still change the
ACL.

Is my understanding correct?
If it is, is there a known work-around?

Thanks in advance,

Roger
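The distinction the post draws, as an added example that is not part of the original message and not Samba's own code: a small Python model of the two rules, the one Roger reports seeing with "acl group control" in 3.0.22 (any member of the file's primary GID may change the ACL, whatever that group's access) and the one he wants (members of a group that actually has write access). The group table and the getfacl(1) output are constructed sample data; the function names are inventions for the example.

```python
"""
Added example, not code from Samba or from the original post: a model of the
two rules under discussion for who may change a file's ACL.

  observed_can_change_acl - the 3.0.22 behaviour as reported: any member of
                            the file's primary group qualifies, even if that
                            group has no write access.
  desired_can_change_acl  - the wanted behaviour: members of a group that
                            actually has write access to the file.

The group table and the getfacl(1) output below are constructed sample data.
"""
from dataclasses import dataclass

# Constructed group membership; on a real host this would come from
# getent group / winbind. It is an assumption for the example.
GROUPS = {
    "staff": {"alice", "bob"},
    "finance": {"carol"},
}


@dataclass
class FileAcl:
    owner: str
    group: str        # primary GID of the file
    entries: list     # (tag, qualifier, perms) as printed by getfacl


def parse_getfacl(text):
    """Parse the text form printed by `getfacl <file>` into a FileAcl."""
    owner = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line.startswith("#"):
            continue  # "# file:" and other comment lines
        else:
            # Drop any trailing "#effective:..." note, then split tag:qual:perms
            tag, qual, perms = line.split("#", 1)[0].split(":")
            entries.append((tag.strip(), qual.strip(), perms.strip()))
    return FileAcl(owner, group, entries)


def member_of(user, group):
    return user in GROUPS.get(group, set())


def group_has_write(acl, group):
    """True if `group` is granted write on the file, via the group:: entry for
    the primary group or a named group:<name>: entry; both are limited by the
    mask:: entry when an extended ACL is present."""
    mask = next((p for t, q, p in acl.entries if t == "mask"), "rwx")
    qualifier = "" if group == acl.group else group
    for tag, qual, perms in acl.entries:
        if tag == "group" and qual == qualifier:
            return "w" in perms and "w" in mask
    return False


def observed_can_change_acl(user, acl):
    """As reported for 3.0.22: the owner, or any member of the primary GID,
    regardless of that group's permission bits."""
    return user == acl.owner or member_of(user, acl.group)


def desired_can_change_acl(user, acl):
    """Wanted: the owner, or a member of any group with write access."""
    if user == acl.owner:
        return True
    return any(member_of(user, g) and group_has_write(acl, g) for g in GROUPS)


# Constructed: a 0700 file owned by alice, primary group staff, no extended ACL.
MODE_0700 = """\
# file: report.doc
# owner: alice
# group: staff
user::rwx
group::---
other::---
"""

# Constructed: same owner and group, plus a named ACL entry giving finance write.
WITH_NAMED_GROUP = """\
# file: budget.xls
# owner: alice
# group: staff
user::rwx
group::r-x
group:finance:rwx
mask::rw-
other::---
"""


def compare(user, getfacl_text):
    """Return (observed, desired) decisions for one user on one file."""
    acl = parse_getfacl(getfacl_text)
    return observed_can_change_acl(user, acl), desired_can_change_acl(user, acl)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        for name, text in (("report.doc", MODE_0700), ("budget.xls", WITH_NAMED_GROUP)):
            observed, desired = compare(user, text)
            print(f"{user:6} {name:11} observed={str(observed):5} desired={desired}")
```

For the 0700 file, bob (a member of the primary group staff) is allowed under the observed rule and denied under the desired one, which is exactly the gap the post describes; carol gains the right on budget.xls only under the desired rule, because her group is granted write through a named ACL entry rather than through the primary GID.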
