Bug 13693 - sharesec cannot add/remove share permissions for 'homes'
Summary: sharesec cannot add/remove share permissions for 'homes'
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-28 09:27 UTC by Jorge Schrauwen
Modified: 2018-11-28 17:44 UTC (History)
0 users

See Also:

Attachments
screenshot from shares snapin (62.44 KB, image/png)
2018-11-28 09:27 UTC, Jorge Schrauwen 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jorge Schrauwen 2018-11-28 09:27:38 UTC 
Created attachment 14690 [details]
screenshot from shares snapin

```
[root@uf00pf0 api]# sharesec homes --view
REVISION:1
CONTROL:SR|DP
OWNER:
GROUP:
ACL:S-1-1-0:ALLOWED/0x0/FULL
[root@uf00pf0 api]# sharesec homes -a S-1-5-21-4030456262-320625612-449655040-116654:DENIED/0x0/FULL
[root@uf00pf0 api]# sharesec homes --view
REVISION:1
CONTROL:SR|DP
OWNER:
GROUP:
ACL:S-1-5-21-4030456262-320625612-449655040-116654:DENIED/0x0/FULL
ACL:S-1-1-0:ALLOWED/0x0/FULL
```

This works, but the permissions do not show up and are not enfored... probably because the share is special and mapped to the samAccount name when connecting.

See the screenshot attached.

It is not possible to add the permissions to 'jorschra' as the share does ofcourse not exists.

```
[root@uf00pf0 api]# sharesec jorschra -a S-1-5-21-4030456262-320625612-449655040-116654:DENIED/0x0/FULL
Invalid sharename: jorschra
```
Comment 1 Jorge Schrauwen 2018-11-28 10:06:39 UTC 
jorschra being the samAccount name.
Comment 2 Jeremy Allison 2018-11-28 17:44:41 UTC 
Yes, the share doesn't exist until the user connects. I have an idea as to how to fix this, if a share is flagged as "homes" then we can look for explicit permissions, then fall-back to [homes] permissions if not found.

Let me look at the code here.