[Samba] ACLs under Samba 3.3.0

simo idra at samba.org
Fri Jan 30 22:49:35 GMT 2009

On Fri, 2009-01-30 at 14:43 -0800, Jeremy Allison wrote:
> On Fri, Jan 30, 2009 at 10:32:55PM +0000, Miguel Medalha wrote:
> >
> >> Volker's changes are correct, in that delete access in POSIX does not
> >> belong to a file itself, but to the containing directory. So really
> >> we should remove the DELETE_ACCESS bit from both the file and the
> >> directory ACL returned.
> >
> > Without having the deep knowledge you have about this, it seems to me  
> > that this statement is indeed correct but...
> >> This unfortunately breaks the fiction of a rwx permission mapping directly into Windows FULL_CONTROL.
> >
> > I can live with that as long as can can set full permissions for users.
> > The ideal would be:
> >
> > 'map acl full control = yes' -> do what it describes
> >
> > 'map acl full control = no' -> enable us to set the "Delete" permission  
> > (and others) separately.
> >
> > The problem with 3.3.0 is that I cannot set the delete permission and as  
> > such users with rwx at the filesystem level cannot delete the files.
> Ok, I'm preparing a patch for this. Effectively, we should
> remove the "map acl full control" parameter as it now longer
> has any use except to break things. I'll mark it deprecated
> with the patch.

Jeremy, would it make sense to set the delete bit (or even full control)
depending on whether the user has write control over the parent
directory ?

Maybe make this behavior could be triggerd by "map acl full control".


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba mailing list