Bug 5561 - couldn't delete ACL entries
Summary: couldn't delete ACL entries
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.28
Hardware: x86 FreeBSD
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
: 5562 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-06-24 05:22 UTC by murzeg
Modified: 2020-03-15 20:51 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description murzeg 2008-06-24 05:22:58 UTC 
Couldn't delete ACL entries on directory from Windows XP clients (through Permissions tab).
When deleting any ACE group or user it disappears till pressing Apply button, when applying it appears again. No notifications such "Access denied" doesn't appear.

Strange thing when removing ACL through FreeBSD (file server itself). Applying "setfacl -b" on directory removes all ACL exept default, BUT from Windows client, it still seen like it wasn't removed (only permissions checkpoints removed from that ACE).

This bug absolutely doen't appear in Samba 3.0.24, but in this version another bug with "ACL set when group being set is the primary group" appears, and it fixed only after version 3.0.28

File server OS - FreeBSD 6.3
Samba 3.0.28
--with-ads
--with-ldap
--with-acl-support
--with-winbind

User database stores on W2k3 server AD

#Conf files

#/etc/krb5.conf

[libdefaults]
	default_realm = MYDOMAIN.LOCAL
	default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
	default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
	permitted_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5

[realms]
    MYDOMAIN.LOCAL = {
        kdc = srvmain.mydomain.local
        admin_server = srvmain.mydomain.local
    }
 
[domain_realms]
    .srvmain.mydomain.local = MYDOMAIN.LOCAL

#/etc/nsswitch.conf

group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
shadow: files winbind


#smb.conf

#======================= Global Settings =====================================
[global]

   workgroup = MYDOMAIN
   netbios name = FREE
   realm = MYDOMAIN.LOCAL
   server string = Samba %v on %L
   security = ads
   password server = srvmain.mydomain.local
   max log size = 50000

encrypt passwords = yes
smb ports = 445 139
log level = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U

   display charset = cp1251
   unix charset = cp1251
   dos charset = cp866

   nt acl support = yes
   dns proxy = no 
   log file = /var/log/samba/%m.%U.log
   load printers = no

#============================ Share Definitions ==============================
[newshare]
   comment = My share
   path = /usr/newshare
   valid users = "@UFPS\Domain Users"
   admin users = MYDOMAIN\murzeg
   nt acl support = yes
 
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[netlogon]
logon path =
logon drive =
logon home =
Comment 1 Volker Lendecke 2008-06-24 06:03:33 UTC 
*** Bug 5562 has been marked as a duplicate of this bug. ***
Comment 2 Björn Jacke 2020-03-15 20:51:29 UTC 
looks like noremal posix acl vs. NT acl behaviour to me. Please consult the mailing list if this is unclear.