[Samba] ACLs under Samba 3.3.0
Miguel Medalha
miguelmedalha at sapo.pt
Fri Jan 30 22:48:14 GMT 2009
> Can you give me an exact scenario to reproduce. I can certainly
> delete files I have created in my test env.
>
I have a directory from which getfacl --t obtains the following:
USER   Admin        rwx  rwx
GROUP  Admins       rwx  rwx
group  Admins       rwx  rwx
group  Editores     rwx  rwx
group  Fotografos   --x  --x
group  Graficos     rwx  rwx
group  Jornalistas  --x  --x
mask                rwx  rwx
other               ---  ---
-----------------------------------------------
The share definition contains the following:
[Editor]
comment = Editores
path = /data/Jornal/Editor
valid users = @Admins, @Editores, @Graficos
write list = @Admins, @Editores, @Graficos
-----------------------------------------------
The acl parameters explicitly set in my smb.conf are the following:
acl compatibility = win2k
inherit acls = Yes
map acl inherit = Yes
-----------------------------------------------
A member of the "Graficos" group extracted an attachment from an email
message and put it in that directory.
A member of group "Editores", after having read the file, tried to
delete it and was prevented from doing it.
He then asked the first user to delete the file himself, which he could
not do.
After similar behavior was found with several files in other
directories, the problem was reported to me.
I immediately noticed that the "Delete" permission had been cleared.
I tried to reset it but was unable to do so. As work was pressing, I
reverted to 3.2.7 and all was well again.