https://bugs.kde.org/show_bug.cgi?id=422554
--- Comment #3 from Harald Sitter <sit...@kde.org> --- Windows behaves exactly the same as we do. And the actual eval order on the server is - Everyone - Group - User each with denial taking precedence over permission. Everyone being denied denies everyone. Any group the user is a member of being denied denies. Any user rules matching a denial are denied. They do aggressively warn about setting deny rules though, because denial always wins regardless of whatever other ACEs are available. Which seems like a reasonable enough way to deal with it. It keeps the UI simpler and means the application rule is easily graspable. In particular samba's behaviour is unexpectedly out of line here. Samba's ACE checking `se_access_check` always appears to accept either an applicable denial or approval. So, which ever rule applies first wins and that is why the usershare ACL order matters, there's no sorting being applied to the input ACL. The entire low level ACL management is rather awkward in general though and really should be replaced with something more user friendly. -- You are receiving this mail because: You are watching all bug changes.
