[Samba] ACLs under Samba 3.3.0

Miguel Medalha miguelmedalha at sapo.pt
Fri Jan 30 22:48:14 GMT 2009


> Can you give me an exact scenario to reproduce. I can certainly
> delete files I have created in my test env.
>   
I have a directory from which getfacl --t obtains the following:

USER   Admin        rwx  rwx
GROUP  Admins       rwx  rwx
group  Admins       rwx  rwx
group  Editores     rwx  rwx
group  Fotografos   --x  --x
group  Graficos     rwx  rwx
group  Jornalistas  --x  --x
mask                rwx  rwx
other               ---  ---

-----------------------------------------------

The share definition contains the following:

[Editor]
comment = Editores
path = /data/Jornal/Editor
valid users = @Admins, @Editores, @Graficos
write list = @Admins, @Editores, @Graficos

-----------------------------------------------

The acl parameters explicitly set in my smb.conf are the following:

acl compatibility = win2k
inherit acls = Yes
map acl inherit = Yes

-----------------------------------------------

A member of the "Graficos" group extracted an attachment from an email 
message and put it in that directory.
A member of group "Editores", after having read the file, tried to 
delete it and was prevented from doing it.
He then asked the first user to delete the file himself, which he could 
not do.

After similar behavior was found with several files in other 
directories, the problem was reported to me.

I immediately noticed that the "Delete" permission had been cleared.
I tried to reset it but was unable to do so. As work was pressing, I 
reverted to 3.2.7 and all was well again.
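
An added example, not part of the original post: the POSIX side of the listing above can be checked independently of Samba. This Python code parses the `getfacl --tabular` listing and reports which groups hold effective write and execute on the directory (what POSIX requires to remove an entry from it), then compares that with the share's write list. Function names are hypothetical; the sticky bit and file ownership are not modelled.

```python
# Sample data copied from the post; function names are hypothetical.
GETFACL_TABULAR = """\
USER   Admin        rwx  rwx
GROUP  Admins       rwx  rwx
group  Admins       rwx  rwx
group  Editores     rwx  rwx
group  Fotografos   --x  --x
group  Graficos     rwx  rwx
group  Jornalistas  --x  --x
mask                rwx  rwx
other               ---  ---
"""
WRITE_LIST = "@Admins, @Editores, @Graficos"


def parse_tabular(text):
    """Return (tag, name, access, default) tuples from getfacl --tabular output."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        tag, rest = fields[0], fields[1:]
        name = "" if tag in ("mask", "other") else rest.pop(0)  # no qualifier
        access = rest[0]
        default = rest[1] if len(rest) > 1 else None  # directory may lack a default ACL
        entries.append((tag, name, access, default))
    return entries


def can_unlink(perms):
    """True if the entry grants effective write and execute on the directory."""
    # getfacl -t capitalises bits the mask makes ineffective; only lowercase counts.
    return perms is not None and "w" in perms and "x" in perms


def audit(acl_text, write_list):
    """Map group -> (can delete here, can delete in new subdirs); list write-list gaps."""
    report = {}
    for tag, name, access, default in parse_tabular(acl_text):
        if tag.lower() == "group":  # owning group (GROUP) and named groups (group)
            now, later = report.get(name, (False, False))
            report[name] = (now or can_unlink(access), later or can_unlink(default))
    wanted = {g.strip()[1:] for g in write_list.split(",") if g.strip().startswith(("@", "+", "&"))}
    missing = sorted(g for g in wanted if not report.get(g, (False, False))[0])
    return report, missing


if __name__ == "__main__":
    print(audit(GETFACL_TABULAR, WRITE_LIST))
```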

