Your message dated Sun, 31 Jan 2010 12:32:54 +0100
with message-id <20100131113254.gz4...@cc-mykerinos.onera>
and subject line Re: [Pkg-samba-maint] Bug#567095: Bug#567095: Samba does not
correctly set named ACL for owning group and user
has caused the Debian Bug report #567095,
regarding Samba does not correctly set named ACL for owning group and user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
567095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: samba
Version: 2:3.2.5-4lenny6
Severity: grave
I'm using a plain lenny, fresh updated, standard kernel on amd64 (but i
think that does not care).
After upgrading from etch to lenny i've found many complain about my
user that file was not more accessible, particulary on complex shares
where more that one group have to read and write file.
I'm using a samba in a domain as PDC, with a share:
[Users]
comment = Spazio Utente
path = /srv/users
read only = No
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
store dos attributes = Yes
volume = Users
dos filemode = Yes
in etch (samba 3.0.24) if i set ACL for a folder, the owning user and
group (the unix one) are duped as default 'named' ACL:
mouse:/srv/users/Prova# getfacl .
# file: .
# owner: root
# group: SANVITO\134ced
user::rwx
group::rwx
group:labinfo:rwx
group:SANVITO\134centralino:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:labinfo:rwx
default:group:SANVITO\134ced:rwx
default:group:SANVITO\134centralino:rwx
default:mask::rwx
default:other::---
note that the folder are owned by 'SANVITO\134ced' and there's a
default named ACL for 'SANVITO\134ced', the row
'default:group:SANVITO\134ced:rwx'; can be obtained easily using
'folder, subfolders and files' as ACL scope in windows explorer.
In lenny's samba, instead, there's no such entry, so ACL are:
neuromante:/srv/users/Prova# getfacl .
# file: .
# owner: root
# group: ced
user::rwx
group::rwx
group:centrali:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:centrali:rwx
default:mask::rwx
default:other::---
Note that there's a (unnamed) default acl entry of 'default:group::rwx'
but no default named ac entry like 'default:group:ced:rwx' for the
owning group 'ced'.
In this way every file created into this forder by an user in
'centralino' group get owned by 'centralino' and the 'ced' acl are not
propagated.
More, if in windows explorer i try to force the acl for 'ced' to
'folder, subfolders and files' there's no way to set them, are no
applied.
After some test, some questions on samba italian lists, some google and
digging expecially on debian and samba BTS, it seems that the trouble
was identified and fixed in lates 3.4 and 3.5 version, see:
https://bugzilla.samba.org/show_bug.cgi?id=6878
This bug speaks about users, not group, but it's the same...
I'm staring to code a simple script to run at night that will add a
'named default acl' for every folder as a temporary countermeasure, but
this seems really a grave functionality bugs and i hope debian samba
team will backport and apply the fix to 3.2.
Many thanks.
--- End Message ---
--- Begin Message ---
Version: 2:3.5.0~rc1~dfsg-1
I meant to send the former mail to -done but forgot to do so...
signature.asc
Description: Digital signature
--- End Message ---
