[Samba] smbcacls add acl issue

Katariya Rahul rahulrahulse at rediffmail.com
Thu Jun 16 06:00:18 MDT 2011


Hi ,

I am facing weird issue with samba 3.0.28 package on Cent OS 5.2.

Following is acl of the file hi.txt
===============================================================================
# smbcacls //ntap/shkdata /RahulkTest/hi.txt -U QALAB\\Administrator%password
REVISION:1
OWNER:QALAB+administrator
GROUP:QALAB+Domain Users
ACL:QALAB+tempAcct1:ALLOWED/0/FULL
===============================================================================

I want to add acl  "ACL:+Everyone:ALLOWED/16/FULL"  for file hi.txt. 

But If I try to add, it gives following error:
=================================================================================
[root at shekok1 ~]# smbcacls -a "ACL:Everyone:ALLOWED/16/FULL"  //ntap/shkdata /RahulkTest/hi.txt -U QALAB\\Administrator%password
cacl_set failed to open \RahulkTest\hi.txt: NT_STATUS_ACCESS_DENIED
=================================================================================
 

But if I try to add same acl with samba 3.0.23c, it is successful. 

Why it is an issue with latest versions as it works fine with older version 3.0.23c. 

Following is snippet of strace of smbcacls command:
======================================================================================

# strace smbcacls -a "ACL:Everyone:ALLOWED/16/FULL"  //ntap/shkdata /RahulkTest/hi.txt -U QALAB\\Administrator%password

execve("/usr/bin/smbcacls", ["smbcacls", "-a", "ACL:Everyone:ALLOWED/16/FULL", "//ntap/shkdata", "/RahulkTest/hi.txt", "-U", "QALAB\\Administrator%password"], [/* 27 vars */]) = 0
brk(0)                                  = 0x9f03000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ffd000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/opt/openkaz/lib/tls/i686/sse2/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/opt/openkaz/lib/tls/i686/sse2", 0xbfc59498) = -1 ENOENT (No such file or directory)
..............................................................................................................................................................
read(4, "\377SMB\4\0\0\0\0\210\1\200\0\0\0\0\0\0\0\0\0\0\0\0@\0$r\0\10\7\0"..., 35) = 35
write(4, "\0\0\0z\377SMB\242\0\0\0\0\10\1\310\0\0\0\0\0\0\0\0\0\0\0\0@\0$r"..., 126) = 126
gettimeofday({1308224649, 923904}, NULL) = 0
select(5, [4], NULL, NULL, {10, 0})     = 1 (in [4], left {10, 0})
read(4, "\0\0\0#", 4)                   = 4
gettimeofday({1308224649, 924291}, NULL) = 0
select(5, [4], NULL, NULL, {10, 0})     = 1 (in [4], left {10, 0})
read(4, "\377SMB\242\"\0\0\300\210\1\300\0\0\0\0\0\0\0\0\0\0\0\0@\0$r\0\10\10\0"..., 35) = 35
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 11), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff4000
write(1, "cacl_set failed to open \\RahulkT"..., 68cacl_set failed to open \RahulkTest\hi.txt: NT_STATUS_ACCESS_DENIED
) = 68
exit_group(1)          
======================================================================================


After adding acl, I change owner to QALAB+tempAcct1 to give exclusive access of file to tempAcct1user. 

So just wondering why it is not working with samba 3.0.28 or 3.0.33? 

Thanks,
Rahul


More information about the samba mailing list