The Samba-Bugzilla – Bug 6812
Bug in acl_xattr vfs module - changing owner reset permissions
Last modified: 2011-10-31 06:36:59 UTC
Hello, I'm testing Samba 3.4.1 with acl_xattr vfs support on OpenSuSE 11.2 server.
Everything seems to work fine except changing owner via WinXP Explorer Security Tab. I can add or remove user or group permissions without any problem via WinXP on client side. But when I attempt to change file/folder owner (Explorer > Properties > Security > Advanced > Owner > Change Owner), all permissions resets to "Everyone - Full Control".
Both vfs modules (acl_xattr and acl_tdb) works identically - resets permissions.
When I set owner via "chown" command on Linux Server, nothing hapens on Windows side - I see still the same - old owner is set.
This testing server is AD 2003 Domain Member Server. Samba version number is 3.4.1-1.5-2196-SUSE-SL11.2 installed by YaST from SuSE rpm packages.
Underlying filesystem is ext3 with acl and user_xattr enabled. I tested ext4 and reiserfs too. OpenSuSE 11.1 works identically.
On Samba 3.0.22/3.0.28d @ OpenSuSE 10.1 server this works fine without any vfs module (Yes, of course I can use only rwx permissions, but both permissions/ownership setting works without any problem and can be set transparently via Windows Explorer).
Below is my smb.conf. I use it on our production servers (Samba 3.0.22/3.0.28d @ OpenSuSE 10.1) for five years with no errors.
log file = /var/log/samba/samba.log
max log size = 50
socket options = TCP_NODELAY
local master = no
os level = 20
domain master = no
preferred master = no
domain logons = no
server string = OpenSuSE 11.2 MS8
realm = OURDOMAIN.DOMAIN.CZ
workgroup = OURDOMAIN
password server = server.ourdomain.domain.cz
security = ADS
encrypt passwords = yes
vfs objects = acl_xattr
# without this option I'm unable set permissions for user/group/everyone - nothing is ticked in Windows Explorer Tab - but permissions for other users/groups can be set and stored without problem
inherit acls = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users=yes
winbind enum groups=yes
# Share definition
comment = Home Directories
path = /mnt/data1/home
browseable = yes
read only = no
admin users = root @"OURDOMAIN+Domain Admins"
# End of smb.conf file
Thank you very much for your answer.
Tomas Lajbl, Prague, Czech Republic.
Ok, when you set the owner via chown on the Linux server, in 3.4.x there's no way for the Samba server to know the owner has changed. In 3.5.0 and above, the server stored a cryptographic hash that will allow Samba to know the ACL or owners have changed, and it will automatically refresh.
I'll investigate the issue with owner being changed via Windows.
Hey Jeremy, I think this may be a DUP of Bug # 6892. I saw the same behavior before we put in our patch for 6892. And I suspect your patch will fix this.
*** This bug has been marked as a duplicate of bug 6892 ***