Felix Brack (Mailinglist)
2011-Jun-01 10:31 UTC
[Samba] Access rights from ACLs not honored when setting file attributes?
This is somewhat a reincarnation of a problem I am facing since upgrading to samba 3.5.6 (3.5.8 is identical). I use samba on an ext3 ACL enabled file system. Typically a users access rights are determined by his or her membership in different groups. The access right is therefore defined and granted by/to the group, not the user. These groups then appear in the ACL of directories and files whereby the access is granted. This system works perfect when creating, modifying and delete files or directories - no issues at all. However using the windows function 'SetFileAttributes' fails in case the user who is connected to the samba server and executes the function is not either the owner of the file/directory or member of the owning group of the file/directory. Therefore it looks like samba is ignoring any ACL entry when using the windows function 'SetFileAttributes'. No matter if there is an ACE granting the proper access right, samba fails. Is there a principle difference in how samba interprets access rights depending on whom (user, primary group membership or ACL) grants them? Why do file/directory operations such as create/modify/delete work, no matter how the access right was granted (including from ACL)? regards Felix
TAKAHASHI Motonobu
2011-Jun-01 15:37 UTC
[Samba] Access rights from ACLs not honored when setting file attributes?
From: "Felix Brack (Mailinglist)" <fb at ltec.ch> Date: Wed, 01 Jun 2011 12:31:34 +0200> This is somewhat a reincarnation of a problem I am facing since > upgrading to samba 3.5.6 (3.5.8 is identical).(snip)> However using the windows function 'SetFileAttributes' fails in case the > user who is connected to the samba server and executes the function is > not either the owner of the file/directory or member of the owning group > of the file/directory. Therefore it looks like samba is ignoring any ACL > entry when using the windows function 'SetFileAttributes'. No matter if > there is an ACE granting the proper access right, samba fails.Can you set file attributes with GUI and Is "store dos attributes" set? As far as I examined at Samba 3.5.6, I can manually set attributes. I accessed with user monyo to test2.doc whose ACL is set as below: ----- # getfacl test2.doc # file: test2.doc # owner: tako # group: root user::rw- group::rw- group:aclshare3ro:r-x group:aclshare3rw:rwx mask::rwx other::--- # id ika uid=2018(ika) gid=2030(ika) groups=2030(ika),2005(aclshare3rw) ----- My smb.conf is : [global] (nothing is defined) [aclshare3] path = /var/lib/samba/shares/aclshare3 writeable = yes force group = root inherit permissions = yes store dos attributes = yes map archive = no map read only = no --- TAKAHASHI Motonobu <monyo at samba.gr.jp>