On Tue, Sep 13, 2005 at 03:32:36PM +0200, Jan Roehrich
wrote:> I'm using samba as a win2000 domain member and providing some files
using
> posix ACLs
>
> My share configuration is like that:
>
> [software]
> path = /srv/software
> public = yes
> read only = no
> printable = no
> group = root
> directory security mask = 0777
> directory mask = 0770
> create mask = 0660
> store dos attributes = no
> dos filemode = yes
> inherit permissions = yes
> inherit acls = yes
> hide unreadable = yes
>
> but I discovered a strange problem:
> Using the windows native acl tool I'm able to take file ownership of
each
> file in my share bot not of any directory. Error message is access denied.
Currently in Samba 3.0.20 root can change ownership to any user,
someone with SeTakeOwnershipPrivilege can change owner to themselves,
and someone with write permission to a file can change owner to
the current authenticated user if dos filemodes are set. It's
probably the latter case that matters to you - which is why the
users can chown the files, but directories never have file write
permission, which is what is stopping them chowning directories.
In Samba 3.0.21 we'll be closer to windows semantics in that someone
with SeRestorePrivilege can change the file to any other user. It
doesn't take care of the directory case though. Can you log a bug in
bugzilla to track this and I'll look into the correct way to fix this
later on ?
Thanks,
Jeremy.