samba - Feb 2006 - [jra@samba.org: Re: Solaris ACL vs Unix permissions]

Forgot to CC: the list.
----- Forwarded message from Jeremy Allison <jra@samba.org> -----

Date: Thu, 9 Feb 2006 12:25:02 -0800
From: Jeremy Allison <jra@samba.org>
To: linolil@equoria.net
Subject: Re: [Samba] Solaris ACL vs Unix permissions

On Thu, Feb 09, 2006 at 03:10:05PM -0500, linolil@equoria.net
wrote:
> Thank you for asking.
> 
> Given the above example, add a subdirectory;
> ls -l /export/directory/finance_group
> drwxrwxr-x   2 jim      finance     1024 Feb  3 16:24 ./
> drwxrwxr-x   3 root     staff         96 Jan 19 11:00 ../
> -rw-rw-r--   1 alice    finance   187904 Feb  3 14:44 Budget 2006.xls
> 
> Alice and Jim both have secondary group membership in "finance".
> Their primary group is "staff". (I changed the example above.)
> 
> Alice edits the file without problems, saves it and locks
> out Jim.  Often we find the file perms changed to 755.
> 
> Alice uses 'Right-Click -> Properties -> Security -> Add"
> to add Jim to the list of people with "Full Control".  When
> she hits "Apply", his name disappears.
> 
> Alice tries [Advanced] to add Jim.  It may/may not work
> for a short while, but a few edits later his name again
> disappears. The pattern isn't that clear, other than
> being locked out is a common theme.
What is the ownership and group ownership of the file
when Alice "locks out" Jim ? Are you using POSIX ACL's
here ?

As this is an NFS mount do you know that the NFS server
honours more than 8 or 16 groups per accessing user ?

These are things to look at.

Jeremy.

----- End forwarded message -----