[Samba] Samba ACL bug?

Thu, 25 Jan 2007 23:07:42 -0800 

Hello,
My name is Hiro.

I'm using samba 3.0.21b-2(acl) and RHEL4.1(kernel 2.6.9-11.ELsmp) + AD Server

Following problem:
When the attribute of the group of the folder was set to a full control twice, 
the member of the group became inaccessible. 

I want to know this problem is BUG or SPEC.

One example

[smb.conf]
 security = ADS
 acl check permissions = no
 acl group control = no
 acl map full control = yes
 inherit acls = yes

[User]
 [EMAIL PROTECTED] [uid=10000([EMAIL PROTECTED]) gid=10000([EMAIL PROTECTED] 
users) groups=10000([EMAIL PROTECTED] users)]
 [EMAIL PROTECTED] [uid=10002([EMAIL PROTECTED]) gid=10000([EMAIL PROTECTED] 
users) groups=10000([EMAIL PROTECTED] users)]

STEP1.The folder was made by using the Explorer of Windows. 

ACL state is as follows. 
[EMAIL PROTECTED] pub]# getfacl testfolder
# file: testfolder
# owner: [EMAIL PROTECTED]
# group: [EMAIL PROTECTED]
user::rwx
group::rwx
other::---

STEP2.The folder attribute is changed from the security tab. 

"Domain Users(KITA\Domain Users)"
  →"full control" checked and execute.

[EMAIL PROTECTED] pub]# getfacl testfolder
# file: testfolder
# owner: [EMAIL PROTECTED]
# group: [EMAIL PROTECTED]
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

At this point, the member of the Domain Users group can access the 
"testfolder". 

STEP3.The folder attribute is changed again. 

"Domain Users(KITA\Domain Users)"
  →"full control" checked and execute.

[EMAIL PROTECTED] pub]# getfacl testfolder
# file: testfolder
# owner: [EMAIL PROTECTED]
# group: [EMAIL PROTECTED]
user::rwx
mask::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:[EMAIL PROTECTED]:rwx
default:mask::rwx
default:other::---

Then, the member of the Domain Users group became inaccessible the folder. 

[EMAIL PROTECTED] pub]# smbclient '//sambaSV/SMBpublic' -U fjsv003
Password:
Domain=[KITA] OS=[Unix] Server=[Samba 3.0.21b-2]
smb: \> cd testfolder
smb: \testfolder\> ls
NT_STATUS_ACCESS_DENIED listing \testfolder\*

                32768 blocks of size 131072. 30551 blocks available
smb: \testfolder\> cd ..

*******************************
Hironori KITAGAWA

Japan
*******************************

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to