[Samba] ACLs under Samba 3.3.0

Miguel Medalha miguelmedalha at sapo.pt
Fri Jan 30 21:50:05 GMT 2009

> I would describe the problem *slightly* differently from Miguel.  I do 
> not think that ACLs are the real problem, because the bug behaviour 
> exists regardless of whether you're using filesystem ACLs or not.

You may be right. I didn't have the time to thoroughly test it because I 
had to immediately revert to 3.2.7; there was work to be done.

> The problem seems to be that the configuration option 'acl map full 
> control' isn't working anymore under 3.3.

If that is the case, it is not working neither "on" nor "off".

> f the option is set (which is the default under both 3.2.7 and 3.3.0), 
> a user with 'rwx' UNIX permissions should get 'Full Control' rights 
> under Windows.  This is regardless of whether the 'rwx' permissions 
> come from the base UNIX permissions or POSIX ACLs.

I can live without 'acl map full control' as long as I can set the 
appropriate permissions. I tried to enable the "Delete" permission with 
the Windows ACL editor and it didn't work, with both 'acl map full 
control' "on" or "off". Maybe there is something here which deserves 
further investigation.

> Under 3.3.0, a user with 'rwx' will have every Windows right except 
> for 'Delete' and 'Full Control'.  Even the file's owner will lack 
> those two rights. Nonetheless, the owner will be able to delete or 
> rename the file, but not any other users, even if they apparently have 
> identical rights.

Yes, that describes what I saw.

More information about the samba mailing list