[Samba] 3.2.4 ACL inheritance trouble
Peter Rindfuss
rindfuss at wzb.eu
Tue Nov 4 15:23:03 GMT 2008
On 2008-11-04 14:59, Jeremy Allison wrote:
> On Tue, Nov 04, 2008 at 02:16:24PM +0100, Peter Rindfuss wrote:
>> Hi,
>>
>> Since 3.2.4 (maybe earlier, but I doubt it), one important feature does
>> not work anymore for me:
>>
>> I cannot break ACL inheritance anymore in the Windows ACL editor. With
>> previous Samba versions, I entered the "Advanced" dialog of the Windows
>> ACL editor and unchecked the flag "Inherit from parent the permission
>> entries that apply to child objects. Include these with entries
>> explicitly defined here". Afterwards, I could remove or change ACLs as
>> needed. If I do this now, ACLs that exist on the next higher directory
>> level re-appear after having deleted them.
>>
>> Are there changed configuration options or am I missing something else here?
>>
>> Breaking inheritance is very important in our system as we often need to
>> restrict access to subdirectories.
>>
>> At the moment, I can only try to modify ACLs on the Linux level in order
>> to get the desired behavior.
>
> Can you help me determine when this behavior changed ?
> 3.2.3 has a small change here that might affect this,
> but I'd be very interested to know if this was in 3.2.0,
> 3.2.1 or 3.2.3 (when it was introduced).
>
> I'm travelling at the moment with no access to
> Windows VM's to test this with, so if you need me
> to reproduce it'll have to wait until next monday
> (US Pacific time).
>
Sorry, not possible. 3.2.x was introduced here when upgrading from Suse
10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when
we went to production use, we already had installed 3.2.4. That was 2
weeks ago.
The "(maybe earlier, but I doubt it)" in my original post makes no sense
as we did not test it with any earlier version than 3.2.4.
I found some possibly discussion at
http://webui.sourcelabs.com/samba/issues/5052
Best, Peter Rindfuss
More information about the samba
mailing list