Hi, all
It seems that samba-3.4.1 still has something wrong with ACLs for the
open-for-delete operation. I give a group of users full access, which
means rwx permission, to a directory and make this the default ACL
for this directory. Then I found that I can do anything as a member of
that group except delete files and this directory.
After skimming through its source code, I did not find any ACL check in
function can_delete_file_in_directory() in file file_access.c.
Am I right?
The following is my ACL setting:
-bash-4.0$ getfacl Downloads/
# file: Downloads/
# owner: tsmn
# group: bt
user::rwx
group::r-x
group:smb_g0:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:smb_g0:rwx
default:mask::rwx
default:other::r-x
-bash-4.0$ getfacl Downloads/aaa
# file: Downloads/aaa
# owner: tsmn
# group: bt
user::rw-
group::r-x #effective:r--
group:smb_g0:rwx #effective:rw-
mask::rw-
other::r--
I can't delete file "aaa" when logging in as SAMBA user smb_u0, whose
main group is smb_g0.
--
Shaochun Wang <scwang at ios.ac.cn>
Jabber: fungusw at jabber.org
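
As an added example (not part of the original post and not Samba code), the following evaluates the posted directory ACL using the POSIX ACL access-check order, to show what the filesystem itself would permit for smb_u0. The function names are hypothetical, the sample text is the access ACL copied from the post, and the sticky bit and root override are not modelled.

```python
import re

# Access ACL of Downloads/ as posted (default: entries omitted; they only affect new files).
DOWNLOADS_ACL = """\
# file: Downloads/
# owner: tsmn
# group: bt
user::rwx
group::r-x
group:smb_g0:rwx
mask::rwx
other::r-x
"""

def parse_getfacl(text):
    """Parse getfacl output: owner/group headers plus access entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        m = re.match(r"#\s*(owner|group):\s*(\S+)", line)
        if m:
            acl[m.group(1)] = m.group(2)
            continue
        line = line.split("#", 1)[0].strip()      # drop "#effective:" notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, wanted):
    """POSIX ACL check order: owner, named user, matching groups, other."""
    wanted, e = set(wanted), acl["entries"]
    mask = next((p for t, q, p in e if t == "mask"), set("rwx"))
    if user == acl["owner"]:                       # owner entry is never masked
        return wanted <= next(p for t, q, p in e if t == "user" and not q)
    for t, q, p in e:
        if t == "user" and q == user:
            return wanted <= (p & mask)
    matched = [p & mask for t, q, p in e if t == "group"
               and (q in groups or (not q and acl["group"] in groups))]
    if matched:                                    # one entry must grant everything
        return any(wanted <= p for p in matched)
    return wanted <= next(p for t, q, p in e if t == "other")

def can_unlink_in(dir_acl, user, groups):
    # Removing a directory entry needs write + search on the parent directory.
    return allowed(dir_acl, user, groups, "wx")
```

For the ACL shown, `can_unlink_in(parse_getfacl(DOWNLOADS_ACL), "smb_u0", {"smb_g0"})` returns True, which is the filesystem-level result the poster's expectation rests on.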