Jeremy Allison ha scritto: >> >> NT ACL: Allow SID FILE_READ_ATTRIBUTES >> Current samba perms for owner, group or others: r-- >> Current samba posix acl: user:abramo:r-- >> Current new NT ACL: Allow SID FILE_READ_DATA FILE_READ_ATTRIBUTES >> FILE_READ_EA FILE_GENERIC_READ >> Proposed samba perms for owner, group or others: --- >> Proposed samba posix acl: entry is removed >> Proposed new NT ACL for owner, group or others: Allow SID EMPTY >> Proposed new NT ACL: ACE is removed >> >> Simply I'm suggesting that this case is treated as it was a request to >> have an empty list of accesses for that SID. > > Now re-read the ACL on Windows. The '---' will be seen as a DENY > ACE. That's the problem. POSIX has no deny ACLs so we have to overload > no permissions in order to get the essential deny capability.
I'm definitely unable to reproduce what you write with the following environment: server: samba-3.0.28a-1ubuntu4.4 client: windows 2000 server No DENY ACE are re-read from Windows (when needed it's converted to an empty ALLOW ACE). The test is rather easy: I've changed the access control from windows explorer simply taking care to have FILE_READ_ATTRIBUTES and FILE_READ_EA equal to FILE_READ_DATA (that's the behaviour I'd ask for samba). To avoid ACE removal by user interface I can leave READ_CONTROL enabled. The seen result re-reading the ACE is an empty allow. This is exactly what I'd expect... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
