[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    [Samba] Default POSIX ACLs masking later permission edits
From:       "Timothy Pearson" <kb9vqf () pearsoncomputing ! net>
Date:       2007-11-27 16:34:24
Message-ID: 000c01c83113$731b7ca0$9d0f020a () starlink ! edu
[Download RAW message or body]

Hello,

I have recently set up a Samba based file server running 3.0.27a.  This \
file server is part of a Windows 2003 domain, with ACL and extended \
attribute support enabled, and appears to be functioning properly except \
for one critical issue with the ACLs.

When I try to edit the permissions of a file through Windows, the default \
POSIX ACL that I set up on the filesystem seems to be masking off any \
future permission edits.  My default ACL (set with setfacl) is to allow \
full control to the domain group "domain users".  If I then try to remove \
the full control permission from a Windows XP workstation, leaving only the \
read permission set, as soon as I click Apply the full control permission \
comes back!

Using setfacl I am able to remove the offending entries, but as soon as I \
try to edit a different permission through a Windows client, they come \
back.

Is this the correct behavior?  I have been unable to find any information \
on this type of issue.  If this is correct, could someone please suggest a \
means to apply a default ACL only when files or directories are created, \
and then allow full permissions editing at a later date?  I would not have \
set a default ACL at all, except for the fact that newly created files are \
inaccessable without first setting permissions.

Thank you,

Timothy Pearson

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[prev in list] [next in list] [prev in thread] [next in thread]