Version of Samba: 3.5.3
OS: Fedora 11 with SELinux disabled

Steps to reproduce:
* Set up Samba with ads mode and the acl_xattr vfs module used for the target share (see config 1). Add user UserB (for example "Administrator") in the "admin users" config line.
* UserA creates a file and then changes ACLs such that only UserA is granted read/write access to the file.
* Use Windows notepad.exe to write some text into the file as UserA.
* (On another machine) As UserB, navigate to the share and folder containing the file.
* As UserB, try to open the text file. Access is denied.
* On the Samba server, remove the acl_xattr module and restart Samba.
* As UserB, try to open the file: access is granted. UserB can read and write the file.
* If you reactivate the acl_xattr module, access is once again denied.

Notes of interest: I don't know how valuable this information is, but the admin users do have the ability to change the ACLs of the files they cannot open. In addition, they can read the contents of any directory.
Created attachment 5903
Fix for 3.5.x.

Please test and report back on the bug if this fixes your problem. Thanks, Jeremy.
Yes, the attached patch fixed the problem for me. My tests passed. :-) Thank you.
Comment on attachment 5903
Fix for 3.5.x.

Volker, please check, then re-assign to Karolin if you're OK with this for 3.5.x. It fixes the user's problem. Jeremy.
Pushed to v3-5-test. Closing out bug report. Thanks!