The Samba-Bugzilla – Bug 7581
Users in "admin users" in smb.conf file are unable to read/write all files when the acl_xattr vfs module is used
Last modified: 2010-08-23 04:21:49 UTC
Version of Samba: 3.5.3
OS: Fedora 11 with SELinux disabled
Steps to reproduce:
* Set up samba with ads mode and the acl_xattr vfs module used
for the target share (see config 1). Add user UserB
(for example "Administrator") in the "admin users" config line.
* UserA creates a file and then changes acls such that only
UserA is granted read/write access to the file.
* Use windows notepad.exe to write some text into the file as UserA.
* (On another machine) As UserB navigate to the share and folder
containing the file.
* As UserB try to open the text file. Access is denied.
* On the samba server, remove the acl_xattr module and restart samba.
* As UserB, try to open the file: access is granted. UserB
can read and write the file.
* If you reactivate the acl_xattr module access is once again denied.
Notes of interest:
I don't know how valuable this information is, but the admin users do have
the ability to change the acls of the files they cannot open. In addition they
can read the contents of any directory.
Created attachment 5903 [details]
Fix for 3.5.x.
Please test and report back on the bug if this fixes your problem.
Yes the attached patch fixed the problem for me. My tests passed. :-)
Comment on attachment 5903 [details]
Fix for 3.5.x.
Volker please check then re-assign to Karolin if you're ok with this for 3.5.x.
It fixes the users problem.
Pushed to v3-5-test.
Closing out bug report.