On Mon, Oct 18, 2010 at 12:12:55AM -0400, [email protected] wrote: > Thanks Jeremy and Volker. Clarified some of points.still little bit > confusion for me. > so, in summary if a user can change ACL, if he has write acess on the share > and the ownership on subfolders / files inside it. > > here is is my test. > > 1) created share "test" , given write access to it for "admin", "user1" users. > > 2) connected to share with admin user and created sub folder "test_subfldr" > in it. and given read access to user1 user > . > output of getfacl > ------------ > r...@storage:/mnt/soho_storage/samba/shares/SP0/test# getfacl test_subfldr/ > # file: test_subfldr/ > # owner: admin > # group: users > user::rwx > user:user1:r-x > group::rwx > mask::rwx > other::rwx > default:user::rwx > default:user:user1:r-x > default:group::--- > default:mask::rwx > default:other::--- > > r...@storage:/mnt/soho_storage/samba/shares/SP0/test# > ------------------ > 4) connected to test share with user1 , could not write into test_subfldr. > and user1 has changed acl settings on test_subfldr to write access . > why samba is allowing this? Though user1 has write access to share , he is > not the owner of test_subfldr/.(admin is the owner for this) . user1 > effectivly has read access on the test_subfldr. > > attached smb.conf for your reference.
Ok, started to look at this. Thanks for your patience. What are the getfacl permissions on the folder: /mnt/soho_storage/samba/shares/SP0/test I need to see the output from: getfacl /mnt/soho_storage/samba/shares/SP0/test and also please send me (privately if you wish) a debug level 10 log from smbd when user1 connects to the test share and changes the acl setting on test_subfldr. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
