Bug#396226: [Pkg-samba-maint] Bug#396226: samba: Messes up file permissions when POSIX ACLs are

Christian Perrier bubulle at debian.org
Tue Nov 21 20:15:54 CET 2006 

tags 396226 unreproducible moreinfo
thanks

> > We had previously never run a kernel with ACL support enabled.  Since 
> > the upgrade, we are seeing very strange permission behavior.  It appears 
> > to berelated to POSIX ACL support in Samba.
> > 
> > It seems that what's happening is this.
> > 
> > We have a number of files that are user/group writable (permissions 0664). 
> > When a user that is someone other than the Unix owner of the file writes 
> > to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added 
> > with this second user getting read/write permission to it.
> > 
> > Unfortunately, the Unix owner of the file now is locked out of writing 
> > to it.
> > 
> > We never had any problem with permissions on these files before using  
> > the ACL-enabled kernel.  
> 
> 
> Well, first of all, the smb.conf would help a lot, here....

John, we would really need your smb.conf, details about the
ACL-enabled filesystem and every other needed information.

I have tried to reprocude that bug here.

I have an XFS file system on /var and the following in smb.conf


[public]
directory mask=0700
browseable=yes
comment=Public
read only=no
create mask=0770
public=yes
path=/var/tmp/samba-test


oot at mykerinos:/var/tmp/samba-test> ls -la
total 8
drwxrwsr-x 2 bubulle bikinibottom   16 2006-11-21 20:13 .
drwxrwxrwt 7 root    root         4096 2006-11-21 05:31 ..
-rw-rw-r-- 1 bubulle bikinibottom    6 2006-11-21 20:07 foo

root at mykerinos:/var/tmp/samba-test> cat foo
test

"bubulle" and "spongebob" are both members of "bikinibottom" group

"spongebob" connect the share from a WinXP client, then modifies foo:

root at mykerinos:/var/tmp/samba-test> cat foo
test
test by Spongebog Square Pants
root at mykerinos:/var/tmp/samba-test> ls -la
total 8
drwxrwsr-x 2 bubulle bikinibottom   16 2006-11-21 20:13 .
drwxrwxrwt 7 root    root         4096 2006-11-21 05:31 ..
-rw-rw-r-- 1 bubulle bikinibottom   38 2006-11-21 20:15 foo


So, nothing unexpected here...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20061121/c4c8165a/attachment.pgp

More information about the Pkg-samba-maint mailing list