samba - Jun 2007 - changing ACLs only as owner possible

[This email is either empty or too large to be displayed at this time]

Hello! 

I have the following problem: 

I have an linux file server (member server ADS), with authenticating 
against ADS. It works fine. All user data / memberships are correct. 
ACLs works successfully for reading and so on. 

But I'll can? change ACLs, if i'm the owner of this file/folder. If
I'm
member of an ownerproup or I have full access via ACLs (as user or as a 
member of a group) I always get an error message: 

setfacl: test_unixgrpvoll: Operation not permitted 

Any Ideas? 

Thanks!!

Sven Geggus schrieb: 
> Bjoern_80@gmx.de wrote: 
> 
> 
> > But I'll can? change ACLs, if i'm the owner of this
file/folder. If
> > I'm member of an ownerproup or I have full access via ACLs (as
user or
> > as a member of a group) I always get an error message: 
> > setfacl: test_unixgrpvoll: Operation not permitted 
> 
> RTFL hels in this case! 
> 
> from smb.conf(5) 
> 
> --cut-- 
> dos filemode (S) 
> 
> The default behavior in Samba is to provide UNIX-like behavior where 
> only the owner of a file/directory is able to change the permissions 
> on? it.? However,? this? behavior? is often confusing to DOS/Windows 
> users. Enabling this parameter allows a user who has write access 
> to the? file? (by? whatever means) to modify the permissions 
> (including ACL) on it. Note that a user belonging to the group owning 
> the file will? not? be? allowed? to? change? permissions if the 
> group 
> is only granted read access. Ownership of the file/directory may also 
> be changed. 
> 
> Default: dos filemode = no 
> --cut-- 
> 
> from setfacl(1) 
> 
> --cut-- 
> PERMISSIONS 
> 
> The? file? owner? and? processes? capable of CAP_FOWNER are granted 
> the 
> right to modify ACLs of a file. This is analogous? to? the permissions 
> required? for? accessing the file mode. (On current Linux systems, root 
> is the only user with the CAP_FOWNER capability.) 
> --cut-- 
> 
> Regards 
> 
> Sven?
> 
> 
> 
Hello! 

Dos filemode works for the main unixgroup, but not for ACL-Users/Groups 
(with full access). 
Is there an opportunity also for ACL-Users/Groups 

Regards... 

Bj?rn

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bjoern_80@gmx.de wrote:
> Dos filemode works for the main unixgroup, but not for ACL-Users/Groups 
> (with full access). 
> Is there an opportunity also for ACL-Users/Groups 
It does apply to acls in current releases.  Easlier release use the
"acl group  control" (cannot remember the exact name off the
top of my head) option.






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGYAzIIR7qMdg1EfYRAp9eAKDwa85AuQKCqpJhCuDQ9/JrV2+vfwCeLIWo
It8X3mrV64NGSldlT0Evths=RUYn
-----END PGP SIGNATURE-----