[Samba] acl, no rights and possibility to delete files

Michael Heydon michaelh at jaswin.com.au
Wed Feb 13 23:14:22 GMT 2008


Hervé Hénoch wrote:
> Hello,
>
> I've a samba 3.0.24 and a share in ext3 with acl.
>
> I've set the following permissions on a file a.txt:
>
> vssamba:/# getfacl /mnt/samba/partage/a.txt
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/samba/partage/a.txt
> # owner: herve
> # group: users
> user::rwx
> group::r--
> other::r--
>
> The rights for share "Partage" are :
>
> [partage]
>   comment = blablabla
>   path = /mnt/samba/partage
>   public = yes
>   writable = yes
>   directory mask = 0744
>   create mask = 0744
>   security mask = 0744
>   force security mode = 0
>   directory security mask = 0744
>   force directory security mode = 0
>
> BUT, a user in "others" can delete the file from Windows XP!
> What have I missed?
>
What are the permissions on the parent directory?

Deleting a file doesn't require permission to write to the file; it is a 
change to the directory...

~/test$ ls -la
total 8
drwxr-xr-x  2 user group 4096 2008-02-14 08:09 ./
drwxr-xr-x 17 user group 4096 2008-02-14 08:09 ../
~/test$ touch asdf
~/test$ chmod 000 asdf
~/test$ rm -f asdf
~/test$ touch asdf
~/test$ chmod 555 ./
~/test$ rm -f asdf
rm: cannot remove `asdf': Permission denied
~/test$ touch ./zxcv
touch: cannot touch `./zxcv': Permission denied


As you can see, removing all permissions from asdf doesn't prevent me 
from deleting it (although I wouldn't be able to modify it). It is the 
write permission on the parent directory that controls whether or not I 
can create or delete files.


Michael Heydon - IT Administrator
michaelh at jaswin.com.au
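
The rule from the reply above, turned into an audit (an added example, not part of the original message): it lists the entries a user in "other" can delete because the parent directory grants other write and search permission. It goes one step beyond the post by honouring the sticky bit, and it reads mode bits only, so named ACL entries are not evaluated; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Mode bits only: named ACL
# entries and Samba-level settings are not evaluated.

# other_deletable ROOT
# Print every entry that sits directly inside a directory under ROOT which
# grants "other" write+search (o+wx) and has no sticky bit. Such entries can
# be deleted or renamed by "other" whatever their own permissions are.
other_deletable() {
    # -perm -0003: other has w and x; ! -perm -1000: sticky bit not set
    find "$1" -type d -perm -0003 ! -perm -1000 \
        -exec find {} -mindepth 1 -maxdepth 1 \;
}

# make_sample: build a constructed tree (hypothetical names), print its path.
make_sample() {
    t=$(mktemp -d) || return 1
    for d in open sticky closed; do
        mkdir "$t/$d"
        : > "$t/$d/a.txt"
        chmod 0744 "$t/$d/a.txt"   # as in the post: other has r-- on the file
    done
    chmod 0777 "$t/open"     # other can delete a.txt here
    chmod 1777 "$t/sticky"   # only the file owner, directory owner or root can
    chmod 0755 "$t/closed"   # other cannot change the directory at all
    chmod 0755 "$t"
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh /path/to/share
if [ "$#" -gt 0 ]; then
    other_deletable "$1"
fi
```

Of the three identical a.txt files in the sample tree, only the one under the 0777 directory is reported.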