Bug 6063 - ACL can't set refused permission
Summary: ACL can't set refused permission
Status: CLOSED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: User & Group Accounts (show other bugs)
Version: 3.2.7
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-22 20:53 UTC by akong
Modified: 2022-02-18 08:22 UTC (History)
0 users

See Also:


Attachments
I want setup everyone reject used (100.56 KB, image/jpeg)
2009-01-23 02:22 UTC, akong
no flags Details
advanced function (86.66 KB, image/jpeg)
2009-01-23 02:23 UTC, akong
no flags Details
It's function unused. (60.01 KB, image/jpeg)
2009-01-23 02:25 UTC, akong
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description akong 2009-01-22 20:53:22 UTC
Hello,
I have install samba 3.2.7
I want set acl folder from windows interface.
I can set allow function.
But I can't set refused permission function.
When I set refused permission and click apply.
My refused permission checkbox will show empty.
It's my smb.conf
[global]
        log file = /var/log/samba/log.%m
        cups options = raw
        load printers = yes
        server string = Fileserver3
        workgroup = LINGUITRONICS
        os level = 20
        security = ads
        passdb backend = tdbsam
        max log size = 50
        realm = linguitronics.com
        netbios name = Fileserver3
        password server = etams001.linguitronics.com
        encrypt passwords = yes
        nt acl support = yes
        inherit acls = yes
        inherit owner = yes
        inherit permissions = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
And my share folder settings:
[abc]
        comment = abc
        path = /samba/abc
        public = yes
        writeable = yes
        create mask = 0777
        directory mask = 0777
        directory security mask = 0777
        #vfs object = recycle extd_audit vscan-fprotd
        #vscan-oav: config-file = /etc/samba/vscan-fprotd.conf
        #recycle:repository = ../Garbage/%u
        #recycle:versions = yes
        #recycle:keeptree = yes
        admin users = LINGUITRONICS\akong, LINGUITRONICS\stephen, LINGUITRONICS\brian, LINGUITRONICS\Administrator

How to fix it?
Comment 1 akong 2009-01-23 02:22:14 UTC
Created attachment 3888 [details]
I want setup everyone reject used

I click reject at all to everyone.
Comment 2 akong 2009-01-23 02:23:39 UTC
Created attachment 3889 [details]
advanced function

You can see it,s reject before apply.
Comment 3 akong 2009-01-23 02:25:28 UTC
Created attachment 3890 [details]
It's function unused.

It's settings can't use when I apply.
It's still show allow.
I can't set refused permission.
Comment 4 Simo Sorce 2009-02-25 23:30:32 UTC
This is not actually a bug, but a limitation of how ACL mapping from NTFS ACLs to Posix ACLs semantics work.

Jeremy is working on a full user space ACL implementation as a VFS module that one day may address DENY controls, but until then this works as designed.
Comment 5 akong 2009-02-26 00:36:11 UTC
(In reply to comment #4)
> This is not actually a bug, but a limitation of how ACL mapping from NTFS ACLs
> to Posix ACLs semantics work.
> 
> Jeremy is working on a full user space ACL implementation as a VFS module that
> one day may address DENY controls, but until then this works as designed.
> 
Thanks for reply
So, is this a samba vfs moduel in the feature?
Is it right?
And it's can't resloved in this time?
Thanks a lot.
Comment 6 Volker Lendecke 2009-02-26 01:06:13 UTC
Right. It can't be resolved this time in Samba.

Volker
Comment 7 Jeremy Allison 2009-02-26 11:50:23 UTC
You might want to try 3.3.1 which has two experimental VFS ACL modules that implement Windows ACL layered on top of POSIX ACLs. For doing deny ACLs these should work the same as Windows. The ACL modules are acl_xattr or acl_tdb.
Jeremy.
Comment 8 akong 2009-02-26 19:38:18 UTC
(In reply to comment #7)
> You might want to try 3.3.1 which has two experimental VFS ACL modules that
> implement Windows ACL layered on top of POSIX ACLs. For doing deny ACLs these
> should work the same as Windows. The ACL modules are acl_xattr or acl_tdb.
> Jeremy.
> 
Thanks a lot.
I will try it.
If I use ./configure to compile it.
What I must to compile into it?
Thanks a lot.