Brad Sagowitz
Sergey Zhitomirsky wrote:
Hello
recently I set up XFS share under samba , and played from Win2K with ACL entries of shared files, and noticed that
Win2K never DENY ACL entries , so for example for a XFS file with acl:
# owner: a user::r-- group::rwx other::rwx
Win2K security tab shows for user "a": Read & exec = <nothing here>
Read = Allowed
Write = <nothing here>
But in fact, POSIX ACL will allow user "a" to read from the file
and deny write or execute the file , as posix acl will not consult any
other ACL entries, after founding appropriate user: entry.
So, shown by Win2K flags are wrong, and must be instead : Read & exec = Deny
Read = Allowed
Write = Deny
as NT ACL logic suppose, as far as know(?), that in case <nothing here>
father ACL entries will be consulted, so in this case NT user suppose
that he has "rwx" rights on the file due to other::rwx rule (-> Everybody, Full Access=Allowed)
but when tried to write - receive Permission Denied.
So that is a samba bug, as samba must have send DENY for "write" and "execute" and ALLOW for "read" for this user's file ("user::r--") , but now it just sends ALLOW for "read".
I have samba-2.2.7a, ./configure --with-acl-support --with-ssl --with-smbmount --disable-cups --with-smbwrapper --with-vfs --with-libsmbclient --disable-swat
Sergey.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
