[Samba] Samba and POSIX ACLs

[Reindl Harald]

Am 12.08.2016 um 19:40 schrieb Jeremy Allison:
> On Fri, Aug 12, 2016 at 07:27:00PM +0200, Reindl Harald via samba wrote:
>>
>> Am 12.08.2016 um 18:57 schrieb Jeremy Allison via samba:
>>> On Fri, Aug 12, 2016 at 11:20:47AM -0500, Sergei Gerasenko via samba wrote:
>>>> It looks like this is a long known issue:
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=10792
>>>
>>> If by long known you mean "as designed". As Samba supports
>>> ACL setting on files/directories we don't restrict what
>>> happens to them after creation.
>>>
>>> For creation you can set "create mask" and "directory mask"
>>> but the client can change it afterwards
>>
>> well, an option to igore that clients wish (and the same for the
>> normal unix permissions) would be nice because Apple stuff tends to
>> trying be smarter than the admin which knows how permissions have to
>> look like so that all users which needs access have it
>>
>> and that is often *exatly* as the sharepoint with no exception
>> because access to shares is granted by asign users to specific
>> group*s*
>
> We used to have that. Was called "security mask" and "directory
> security mask". It got removed as there was no way to differentiate
> between the "create" action and "modify permissions" action at
> the level below the VFS

how can that be?

i mean there is obviously a difference and samba is losing track if it's 
now reating a new file or modify a existing one?

that permissions/acl stuff is *a real* problem for many setups when a 
idiotic client is changing the permissions of a shared document, the 
person goes to vacation and other team members no longer have write access

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160813/61770a2f/signature.sig>