On Sat, Apr 16, 2005 at 11:42:33PM -0400, Stewart, Eric wrote:
> If someone has this working on Red Hat Enterprise Linux 3, I'd
> like a few pointers.
> I've changed "defaults" in /etc/fstab for the affected partition
> to "defaults,acl,user_xattr" and rebooted the box. I've gone so far as
> to make sure all processes were killed, remove the samba sbin, bin, lib,
> and include directories, checked to make sure ACL support is being
> compiled in (ldd even shows libacl.so.1 linked). I've even gotten
> desperate and added "delete readonly = yes" and even "nt acl support
> = no" (in all sorts of combinations) to the junk share in the config
> below, and yet I still get access denied when attempting to delete a
> file. ls -laF shows:
>
> : ls -laF /usr/local/samba/junk
> total 5608
> drwxrwxr-x 2 bb mysql 4096 Apr 16 00:44 ./
> drwxr-xr-x 11 root root 4096 Apr 16 23:20 ../
> -rwxrw-r-- 1 LIB+eric mysql 46080 Mar 31 2000 annualreport99.doc*
> -rwxrw-r-- 1 LIB+eric mysql 5668947 Mar 25 09:11 HPLJ4250-070323-ILLiad.pdf*
>
> With the "force group =" set, anyone who qualifies as a valid
> user should be able to delete the file. But I can't.

Ok, I think I see the bug you're encountering.... I don't think
force group was considered in the posix_acl code - that changes
current_user.gid without changing it in the group array in
current_user. Can you try this patch please?

Jeremy.

Index: smbd/posix_acls.c =================================================================== --- smbd/posix_acls.c (revision 6363) +++ smbd/posix_acls.c (working copy) @@ -3867,6 +3867,23 @@ if (pgid == NULL) { goto check_stat; } + + /* Does it match the current effective group ? */ + if (current_user.gid == *pgid) { + ret = have_write; + DEBUG(10,("check_posix_acl_group_write: file %s \ +match on group %u -> can write.\n", fname, (unsigned int)*pgid )); + + /* If we don't have write permission this entry doesn't + * prevent the subsequent enumeration of the supplementary + * groups. + */ + if (have_write) { + goto done; + } + } + + /* Continue with the supplementary groups. */ for (i = 0; i < current_user.ngroups; i++) { if (current_user.groups[i] == *pgid) { ret = have_write; @@ -3898,6 +3915,15 @@ /* Do we match on the owning group entry ? */ + /* First, does it match the current effective group ? */ + if (current_user.gid == psbuf->st_gid) { + ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0; + DEBUG(10,("check_posix_acl_group_write: file %s \ +match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write")); + goto done; + } + + /* If not look at the supplementary groups. */ for (i = 0; i < current_user.ngroups; i++) { if (current_user.groups[i] == psbuf->st_gid) { ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
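
Review bot: In the first hunk (the effective-group match against *pgid), the DEBUG message always logs "-> can write", but ret has just been set to have_write, which may be 0, and in that case the code falls through to the supplementary groups. Log the actual outcome the way the second hunk does, for example have_write ? "can write" : "cannot write", so a level 10 trace does not report a write grant that was not made.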
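
Review bot: In the second hunk (the owning-group match against psbuf->st_gid), the goto done is unconditional, while the equivalent test in the first hunk only leaves early when have_write is set; a short comment saying the asymmetry is intended would help. From the visible loop, a supplementary-group match would compute the same (psbuf->st_mode & S_IWGRP) result, so stopping here looks safe, but that reasoning is not stated anywhere. The new comment "If not look at the supplementary groups." also reads better as "If not, look at the supplementary groups."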