[prev in list] [next in list] [prev in thread] [next in thread]
List: samba
Subject: [Samba] Default POSIX ACLs masking later permission edits
From: "Timothy Pearson" <kb9vqf () pearsoncomputing ! net>
Date: 2007-11-27 16:34:24
Message-ID: 000c01c83113$731b7ca0$9d0f020a () starlink ! edu
[Download RAW message or body]
Hello,
I have recently set up a Samba based file server running 3.0.27a. This file server is part of a Windows \
2003 domain, with ACL and extended attribute support enabled, and appears to be functioning properly \
except for one critical issue with the ACLs.
When I try to edit the permissions of a file through Windows, the default POSIX ACL that I set up on the \
filesystem seems to be masking off any future permission edits. My default ACL (set with setfacl) is to \
allow full control to the domain group "domain users". If I then try to remove the full control \
permission from a Windows XP workstation, leaving only the read permission set, as soon as I click Apply \
the full control permission comes back!
Using setfacl I am able to remove the offending entries, but as soon as I try to edit a different \
permission through a Windows client, they come back.
Is this the correct behavior? I have been unable to find any information on this type of issue. If this \
is correct, could someone please suggest a means to apply a default ACL only when files or directories \
are created, and then allow full permissions editing at a later date? I would not have set a default ACL \
at all, except for the fact that newly created files are inaccessable without first setting permissions.
Thank you,
Timothy Pearson
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic