[Samba] ACLs under Samba 3.3.0
jra at samba.org
Fri Jan 30 22:43:23 GMT 2009
On Fri, Jan 30, 2009 at 10:32:55PM +0000, Miguel Medalha wrote:
>> Volker's changes are correct, in that delete access in POSIX does not
>> belong to a file itself, but to the containing directory. So really
>> we should remove the DELETE_ACCESS bit from both the file and the
>> directory ACL returned.
> Without having the deep knowledge you have about this, it seems to me
> that this statement is indeed correct but...
>> This unfortunately breaks the fiction of a rwx permission mapping directly into Windows FULL_CONTROL.
> I can live with that as long as can can set full permissions for users.
> The ideal would be:
> 'map acl full control = yes' -> do what it describes
> 'map acl full control = no' -> enable us to set the "Delete" permission
> (and others) separately.
> The problem with 3.3.0 is that I cannot set the delete permission and as
> such users with rwx at the filesystem level cannot delete the files.
Ok, I'm preparing a patch for this. Effectively, we should
remove the "map acl full control" parameter as it now longer
has any use except to break things. I'll mark it deprecated
with the patch.
More information about the samba