[Samba] Inherited ACLs can not be removed
Andreas Büsching
buesching at univention.de
Fri Jun 13 13:19:51 GMT 2008
Hi,
I have more information about the problem:
a) It does not have to do anything with inheritance
b) adding ACLs works
c) removing ACLs does not work (with a 'real' Windows client)
I did the following test:
- access rights:
drwxrws--- 2 crunchy Share Admins 1024 2008-05-23 21:45 /shares/finanzen/
- add r-x rights for Domain Users with a Windows XP Client (logged in as
crunchy) -> works
- remove access rights for Domain Users -> does not work
I repeated the test with smbcacls:
- smbcacls -U crunchy -a ACL:Domain\
Users:ALLOWED/2/READ //qamaster/finanzen /
- smbcacls -U crunchy //qamaster/finanzen /
Password:
REVISION:1
OWNER:UNIVENTION+crunchy
GROUP:UNIVENTION+Share Admins
ACL:UNIVENTION+crunchy:ALLOWED/0/FULL
ACL:UNIVENTION+Domain Users:ALLOWED/0/READ
ACL:UNIVENTION+Share Admins:ALLOWED/0/FULL
ACL:+Everyone:ALLOWED/0/FULL
- smbcacls -U crunchy -D ACL:Domain\
Users:ALLOWED/0/READ //qamaster/finanzen /
Password:
- smbcacls -U crunchy //qamaster/finanzen /
Password:
REVISION:1
OWNER:UNIVENTION+crunchy
GROUP:UNIVENTION+Share Admins
ACL:UNIVENTION+crunchy:ALLOWED/0/FULL
ACL:UNIVENTION+Share Admins:ALLOWED/0/FULL
ACL:+Everyone:ALLOWED/0/FULL
With smbcacls it works, but not with the Windows XP Client. BTW I'm using
samba version 3.0.26a
any idea?
regards
Andreas
--
Andreas Büsching <buesching at univention.de> fon: +49 421 22 232- 0
Entwicklung Linux for Your Business
Univention GmbH http://www.univention.de/ fax: +49 421 22 232-99
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba/attachments/20080613/35e2b5e7/attachment.bin
More information about the samba
mailing list