[Samba] Cannot set ACL rights for group "Authenticated Users" (SID S-1-5-11)\

Jens Nissen jens.nissen at gmx.net
Tue Apr 17 09:18:18 GMT 2007

Reading the code, I located the bug in
smbd/posix_acls.c:create_canon_ace_lists, but I do need advice of
someone who knows what is going on and what to do.

The source code says:

		 * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).

		if (non_mappable_sid(&psa->trustee)) {
			fstring str;
			DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
				sid_to_string(str, &psa->trustee) ));

SID S-1-5-11 ("Authenticated Users") is part of the NT Authority.
Why should this SID be "non-mappable"?
Windows Servers do allow setting this SID so I expect Samba Servers to
do simply the same as the Windows Servers!

Can I simply comment the lines out? What will happen afterwards?
a) Does Samba correctly behave in case this SID is set? Will it allow
reading the ACL in call cases? (It looks as if Samba displays it
correctly, tested with setfacl on a small file)

b) Does Samba correctly interpret the rights if they are set?
"Authenticated Users" are simply defined as
/////////////// Quote from
"Includes all users and computers whose identities have been
authenticated. Authenticated Users does not include Guest even if the
Guest account has a password."
So Samba should know what to do.

c) Does it make sense to file a bug in bugzilla?


More information about the samba mailing list