Rename is allowed after setting ACL
Jeremy Allison
jra at samba.org
Mon Sep 26 18:43:02 UTC 2016
On Mon, Sep 26, 2016 at 04:00:09PM +0530, VigneshDhanraj G wrote:
> Is there any update on this rename issue.?
What rename issue ? As far as I can see as Richard
pointed out below, Samba conforms to Windows behavior.
>
> On Tue, Sep 20, 2016 at 8:59 PM, VigneshDhanraj G <
> vigneshdhanraj.g at gmail.com> wrote:
>
> > So are you asking me about the permission of /home/dhanraj/folder1..?,
> > where my file is /home/dhanraj/folder1/Picture.png..?
> >
> > In my case, the user has permission for the share "folder1" .
> >
> > getfacl: Removing leading '/' from absolute path names
> > # file: /home/dhanraj/folder1
> > # owner: nobody
> > # group: users
> > user::rwx
> > group::rwx
> > other::rwx
> >
> > Regards,
> > Vigneshdhanraj G
> >
> >
> >
> > On Tue, Sep 20, 2016 at 8:47 PM, Richard Sharpe <
> > realrichardsharpe at gmail.com> wrote:
> >
> >> On Tue, Sep 20, 2016 at 12:08 AM, VigneshDhanraj G
> >> <vigneshdhanraj.g at gmail.com> wrote:
> >> > In Windows, if i denied the permissions i am not able to rename.
> >> >
> >> > getfacl output for cifs share-
> >> >
> >> > getfacl /home/dhanraj/Picture.png
> >> >
> >> > # file: home/dhanraj/Picture.png
> >> > # owner: nobody
> >> > # group: users
> >> > user::rw-
> >> > user:nobody:rw-
> >> > user:vignesh:---
> >> > group::rw-
> >> > group:users:rw-
> >> > mask::rwx
> >> > other::rw-
> >> >
> >> > I denied permission for the user 'vignesh' but still able to rename the
> >> > file 'Picture.png'.
> >> > Whereis in 4.0.9 renaming itself is denied for above set permission.
> >>
> >> Sure. What you are saying is that Samba now conforms to correct
> >> Windows behavior with regard to rename.
> >>
> >> Under NTFS, rename is like a delete followed by an add of the new
> >> name. To delete you either need Delete Child on the parent or delete
> >> on the object. To add a new name you need Add on the parent.
> >>
> >> You haven't shown us the permissions on the parent, which are the
> >> relevant thing for this operation, since Posix ACLs do not, AFAIK,
> >> have an equivalent to delete permission. You need WRITE on the parent
> >> to do that.
> >>
> >> Regards
> >> --
> >> Richard Sharpe
> >> (何以解憂?唯有杜康。--曹操)
> >>
> >
> >
More information about the samba-technical
mailing list