[Samba] Re: changing ACLs only as owner possible

[Sven Geggus]

Bjoern_80 at gmx.de wrote:

> But I'll can  change ACLs, if i'm the owner of this file/folder. If I'm 
> member of an ownerproup or I have full access via ACLs (as user or as a 
> member of a group) I always get an error message: 
> 
> setfacl: test_unixgrpvoll: Operation not permitted 

RTFL hels in this case!

from smb.conf(5)

--cut--
dos filemode (S)

The default behavior in Samba is to provide UNIX-like behavior where
only the owner of a file/directory is able to change the permissions
on  it.  However,  this  behavior  is often confusing to DOS/Windows
users. Enabling this parameter allows a user who has write access
to the  file  (by  whatever means) to modify the permissions
(including ACL) on it. Note that a user belonging to the group owning
the file will  not  be  allowed  to  change  permissions if the group
is only granted read access. Ownership of the file/directory may also
be changed.

Default: dos filemode = no
--cut--

from setfacl(1)

--cut--
PERMISSIONS

The  file  owner  and  processes  capable of CAP_FOWNER are granted the
right to modify ACLs of a file. This is analogous  to  the permissions
required  for  accessing the file mode. (On current Linux systems, root
is the only user with the CAP_FOWNER capability.)
--cut--

Regards

Sven

-- 
/* Fuck me gently with a chainsaw... */
(David S. Miller in /usr/src/linux/arch/sparc/kernel/ptrace.c)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web