Juer Lee
2005-Feb-24 18:25 UTC
[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba
Hi,

Hopefully some Samba gurus are interested in some of my questions about Samba ACLs; this is more in technical detail.

1. Why does Samba always think the owner has 'READ' access right on a file, and 'READ and WRITE' access rights on a directory? I checked the code of posix_acls.c; those bits are OR-ed by default.

2. Try to create a folder via the Samba Win2k client (make sure there are only base permissions on it, no ACLs), right click on the folder and go to the 'Security' tab, choose the owner in the name table, tick some check-boxes in the 'Allow' column and click 'Apply'. You will see two more entries, 'CREATOR OWNER' and 'CREATOR GROUP', are displayed. I understand this is caused by the default ACLs being created. But why are the default ACLs for the owner NOT created? The default ACLs can only be created when the former steps are repeated.

Thanks in advance,
Juer
Gerald (Jerry) Carter
2005-Feb-28 15:43 UTC
[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba
Juer Lee wrote:

| 1. Why Samba always think the owner always
| has 'READ' access right on a file, 'READ and WRITE' access
| rights on a directory? I checked the code of
| posix_acls.c, those bits are OR-ed by default

It was a workaround for some empty nttrans_set_security_descriptor() requests IIRC. Mostly had problems with profiles becoming unusable.

| 2. Try to create a folder via the Samba
| Win2k client(make sure there are only base permissions
| on it - no any ACLs), right click on the folder and go
| to 'Security' tab, choose the owner in the name table,
| tick some check-boxes in column 'Allow' and
| click 'Apply', you will see two more entries 'CREATOR OWNER'
| and 'CREATOR GROUP' are displayed - I understand this
| is caused by that the default ACLs are created.
| But why the default ACLs for the owner is NOT created??
| The default ACLs can only be created when the
| former steps are repeated.

If I understand your question correctly, it is because Samba only translates the ACLs as they exist on disk. You can set up the default ACLs from a shell prompt if you like.

cheers, jerry

=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
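
Added example, not part of the original thread and not Samba's own code: the reply above points at setting default ACLs from a shell, so this sketch shows the standard `setfacl`/`getfacl` calls in comments and a function that reads `getfacl` output and reports named access entries with no matching default (inheritable) entry. The directory path, the user and group names, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Setting a default (inheritable) ACL on a directory with the standard acl
# tools (path and user name below are constructed placeholders):
#   setfacl -d -m u:juer:rwx /srv/share/folder   # add a default entry for a named user
#   getfacl /srv/share/folder                    # show the ACL as it exists on disk
#
# missing_defaults reads `getfacl` output on stdin and prints every named
# user/group access entry that has no matching "default:" entry, i.e. an
# entry that files created in the directory will not inherit.
missing_defaults() {
    awk -F: '
        /^#/ || NF < 3 { next }                         # skip header comments and blank lines
        $1 == "default" { if ($3 != "") def[$2 ":" $3] = 1; next }
        ($1 == "user" || $1 == "group") && $2 != "" { acc[$1 ":" $2] = 1 }
        END { for (k in acc) if (!(k in def)) print k }
    ' | sort
}

# Constructed sample: a directory whose base default entries exist, but whose
# named owner entry (user:juer) has no default counterpart.
sample_acl() {
    cat <<'EOF'
# file: srv/share/folder
# owner: juer
# group: users
user::rwx
user:juer:rwx
group::r-x
group:staff:r-x
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:staff:r-x
default:mask::r-x
default:other::r-x
EOF
}

sample_acl | missing_defaults
```

On a live share, pipe `getfacl <directory>` into `missing_defaults` instead of the sample listing.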