the file/directory ownership is not available if a file/directory is not readable. The ownership should be readable in any case though. I ran into this problem during some ACL testing: it *must* be possible to grant new permissions on a file/directory after you removed all permissions before - *if* you are the owner.
Is this a 4.14 regression? Does it work in 4.13?
(In reply to Ralph Böhme from comment #1) neither in 4.12/4.13. You can just check with a simple "touch file; chmod 000 file" and look at it in explorer. (For the "revover from 0 ACEs" test there might be more issues but this is the first obvious one.)
(In reply to Björn Jacke from comment #2) Ok, thanks for confirming. This can now be fixed in 4.14 thanks for pathref fsps. WIP MR: https://gitlab.com/samba-team/samba/-/merge_requests/1950 Patch: https://gitlab.com/samba-team/samba/-/merge_requests/1950/diffs?commit_id=3deaf6514aea343023ed8f1035ed12877f37349f
This bug was referenced in samba master: e71e373a07e467ff2d2328f39bd2bc285e2ba840 6d928eb1e8ea44f0d0aea4ec9b1b7c385a281193
Created attachment 16721 [details] Patch for 4.15 cherry-picked from master
Pushed to autobuild-v4-15-test.
This bug was referenced in samba v4-15-test: 4f3b6f6b311942e1cf42ed263188384d643f25e6 4467a0ba7f0764831827645ae4cca22360d7cb70
Closing out bug report. Thanks!
This bug was referenced in samba v4-15-stable: 4f3b6f6b311942e1cf42ed263188384d643f25e6 4467a0ba7f0764831827645ae4cca22360d7cb70
Comment on attachment 16721 [details] Patch for 4.15 cherry-picked from master Sorry for being late, took a vacation day yesterday.
Fwiw, the fix relies on pathref fsps and a fully functional codebase that correctly uses pathref fsps everywhere in the VFS and in the VFS callers. We can give these guarantees for 4.15 but not for 4.14 (older versions don't even have pathref fsps) which is why there's no patch for 4.14 included in this bugreport.
this is still broken for directories. Try: mkdir "New folder" chown "you_domain_user" "New folder" chmod 000 "New folder" Then the owner of the directory should be visible if you are logged in with your domain user account on a Windows Client. But the owner is not visible. As the Windows Client does not see the owner of the direcory, you are also not able to modify the ACL via explorer, even though you should be able to modify the ACL because you are the owner.
*** Bug 6505 has been marked as a duplicate of this bug. ***
just checked with with 4.17 - there also the zero-permission directory case is fixed now!