[Samba] Access rights from ACLs not honored when setting file attributes?

Felix Brack (Mailinglist) fb at ltec.ch
Wed Jun 1 04:31:34 MDT 2011

This is somewhat a reincarnation of a problem I am facing since 
upgrading to samba 3.5.6 (3.5.8 is identical).

I use samba on an ext3 ACL enabled file system. Typically a users access 
rights are determined by his or her membership in different groups. The 
access right is therefore defined and granted by/to the group, not the 
user. These groups then appear in the ACL of directories and files 
whereby the access is granted.

This system works perfect when creating, modifying and delete files or 
directories - no issues at all.

However using the windows function 'SetFileAttributes' fails in case the 
user who is connected to the samba server and executes the function is 
not either the owner of the file/directory or member of the owning group 
of the file/directory. Therefore it looks like samba is ignoring any ACL 
entry when using the windows function 'SetFileAttributes'. No matter if 
there is an ACE granting the proper access right, samba fails.

Is there a principle difference in how samba interprets access rights 
depending on whom (user, primary group membership or ACL) grants them?
Why do file/directory operations such as create/modify/delete work, no 
matter how the access right was granted (including from ACL)?

regards Felix

More information about the samba mailing list