i found another problem
ACL is
humanpdc:/data/install # cat ~/acl # file: data/install # owner: root # group: rootgroup user::rwx user:gasch:rwx user:paul:rwx user:foedisch:rwx group::--- mask::rwx other::--- default:user:gasch:rwx default:user:paul:rwx default:user:foedisch:rwx default:group::--- default:mask::rwx default:other::---
but humanpdc:/data/install # cat ~/acl |setfacl --set-file=- ../install/
gives
humanpdc:/data/install # getfacl ../install/ # file: ../install # owner: root # group: rootgroup user::rwx user:gasch:rwx user:paul:rwx user:foedisch:rwx group::--- mask::rwx other::--- default:user::rwx default:user:gasch:rwx default:user:paul:rwx default:user:foedisch:rwx default:group::--- default:mask::rwx default:other::---
with attention to "default:user::rwx"
why is it automatically set?
and of course: on any file created in install owner just gets rw-, but my mask isn't recalculated (which is fine)
e.g.
humanpdc:/data/install # touch test; getfacl test # file: test # owner: gasch # group: users user::rw- user:gasch:rwx user:paul:rwx user:foedisch:rwx group::--- mask::rwx other::---
create masks in samba are 0077 umask for user is 0077
but dirs are created/acl-ed correctly!!!
lot's of "???"
thx
Michael Gasch schrieb:
hi
i experienced the same behaviour
do you know whats the reason? i think its umask
my umask tells me : 022 for root....this changes the "group" setting, which is in this ACL case - yes you know - the effective mask
greez
Dariush Forouher schrieb:
Hello,
I'm using samba 3.0.2(acl) and kernel 2.4.24+acl, libacl-2.2.23.
Following problem:
When I create a file in an directory with extended ACLs, samba applies the
"create mask" in a wrong way (IMHO).
The normal behaviour of tools like chmod is that the second (middle)
permission field is mapped to the "mask" ACE if the file has an extended
ACL, so that the change applies to all groups. But Samba seems to set the
group:: (Owning Group) ACE instead.
This behaviour causes some minor problems, especially some users will see this file with x Bit set, when it shouldn't.
One example:
There is an directory called testdir:
# file: testdir # owner: root # group: root user::rwx group::--- group:admins:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:admins:rwx default:mask::rwx default:other::---
The owning group or world shall never have access to this directory (and to all children), only members of group 'admins' shall have.
Now if I create a file on the console, it has the following ACL:
# file: testfile1 # owner: dariush # group: schueler user::rw- group::--- group:admins:rwx #effective:rw- mask::rw- other::---
You'll see that group:: is unchanged and mask:: has shortened to rw-
Now a file that I've created through Samba: (create mask = 0660 or create mask = 0600; make no difference):
# file: testdir/testfile2 # owner: dariush # group: schueler user::rw- group::rw- group:admins:rwx mask::rwx other::---
You see that mask:: is unchanged, while group:: has been changed instead incorrectly.
So, in my eyes this looks like a bug. If it is not, it would be nice if
someone could point me a way how to get the wanted behaviour somehow else.
regards Dariush
--
"Matrix - more than a vision"
**************************************************
Michael Gasch- Central IT Department -
Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig
Germany **************************************************
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
