Re: [Samba] POSIX to NT ACL bug
On Mon, 3 Mar 2003, Brad Sagowitz wrote: I JUST got over this problem with help here on the mailing list... what version/distro of linux are you running? Brad Sagowitz I use samba 2.2.7a downloaded from samba.org on Suse 8.0 Sergey Zhitomirsky wrote: Hello recently I set up XFS share under samba , and played from Win2K with ACL entries of shared files, and noticed that Win2K never DENY ACL entries , so for example for a XFS file with acl: # owner: a user::r-- group::rwx other::rwx Win2K security tab shows for user a: Read exec = nothing here Read= Allowed Write = nothing here But in fact, POSIX ACL will allow user a to read from the file and deny write or execute the file , as posix acl will not consult any other ACL entries, after founding appropriate user: entry. So, shown by Win2K flags are wrong, and must be instead : Read exec = Deny Read= Allowed Write = Deny as NT ACL logic suppose, as far as know(?), that in case nothing here father ACL entries will be consulted, so in this case NT user suppose that he has rwx rights on the file due to other::rwx rule (- Everybody, Full Access=Allowed) but when tried to write - receive Permission Denied. So that is a samba bug, as samba must have send DENY for write and execute and ALLOW for read for this user's file (user::r--) , but now it just sends ALLOW for read. I have samba-2.2.7a, ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat Sergey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] POSIX to NT ACL bug
Hello recently I set up XFS share under samba , and played from Win2K with ACL entries of shared files, and noticed that Win2K never DENY ACL entries , so for example for a XFS file with acl: # owner: a user::r-- group::rwx other::rwx Win2K security tab shows for user a: Read exec = nothing here Read= Allowed Write = nothing here But in fact, POSIX ACL will allow user a to read from the file and deny write or execute the file , as posix acl will not consult any other ACL entries, after founding appropriate user: entry. So, shown by Win2K flags are wrong, and must be instead : Read exec = Deny Read= Allowed Write = Deny as NT ACL logic suppose, as far as know(?), that in case nothing here father ACL entries will be consulted, so in this case NT user suppose that he has rwx rights on the file due to other::rwx rule (- Everybody, Full Access=Allowed) but when tried to write - receive Permission Denied. So that is a samba bug, as samba must have send DENY for write and execute and ALLOW for read for this user's file (user::r--) , but now it just sends ALLOW for read. I have samba-2.2.7a, ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat Sergey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POSIX to NT ACL bug
I JUST got over this problem with help here on the mailing list... what version/distro of linux are you running? Brad Sagowitz Sergey Zhitomirsky wrote: Hello recently I set up XFS share under samba , and played from Win2K with ACL entries of shared files, and noticed that Win2K never DENY ACL entries , so for example for a XFS file with acl: # owner: a user::r-- group::rwx other::rwx Win2K security tab shows for user a: Read exec = nothing here Read= Allowed Write = nothing here But in fact, POSIX ACL will allow user a to read from the file and deny write or execute the file , as posix acl will not consult any other ACL entries, after founding appropriate user: entry. So, shown by Win2K flags are wrong, and must be instead : Read exec = Deny Read= Allowed Write = Deny as NT ACL logic suppose, as far as know(?), that in case nothing here father ACL entries will be consulted, so in this case NT user suppose that he has rwx rights on the file due to other::rwx rule (- Everybody, Full Access=Allowed) but when tried to write - receive Permission Denied. So that is a samba bug, as samba must have send DENY for write and execute and ALLOW for read for this user's file (user::r--) , but now it just sends ALLOW for read. I have samba-2.2.7a, ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat Sergey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
