Bug 7973 - some shared folders (root folders and non root folders) are seen as files on Windows XP and Windows 2003 having ACL enabled
some shared folders (root folders and non root folders) are seen as files on ...
Status: NEW
Product: Samba 3.4
Classification: Unclassified
Component: File services
3.4.7
x86 Linux
: P3 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-02-24 15:15 UTC by Leonardo Borda
Modified: 2011-02-24 15:43 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Leonardo Borda 2011-02-24 15:15:29 UTC
Hi Guys,

Some samba shared folders (root folders and non root folders) are seen as files on Windows XP and Windows 2003 when ACL is enabled.
If I rename a folder, delete it or create a new folder, a different folder becomes a file. 

We have identified that this error occurs when a "file" has acl mask set to mask::---  in the directory. ie:
# file: file.exe
# owner: Domain+user
# group: BUILTIN+administrators
user::rw-
group::r-x	#effective:---
group:Domain+domain\040admins:rwx	#effective:---
group:Domain+admindd:rwx	#effective:---
group:Domain+adminddc:rwx	#effective:---
mask::---
other::---

Here is the smb.conf shared section..

[shared]
  comment = Shared Area
  path = /samba/shared
  read only = No
  create mask = 0770
  force security mode = 0700
  inherit acls = Yes
  hide unreadable = Yes
  fstype = XFS 1.2
  vfs objects = full_audit, shadow_copy

Steps to reproduce.

1. Enable acls
2. Configure samba as described above.
3. create 3 folders, create a file inside each folder and set one of the files as follow:
sudo setfacl -m m:--- filename
4. Join a winxp or windows 2003 into a domain and try to access a shared folder.

Please let me know if you need anything else.

Leonardo
Comment 1 Leonardo Borda 2011-02-24 15:31:18 UTC
Problem is fixed by changing acl mask permissions.

Leonardo
Comment 2 Leonardo Borda 2011-02-24 15:43:53 UTC
(In reply to comment #1)
> Problem is fixed by changing acl mask permissions.
> 
> Leonardo
> 

I mean a workaround can be found however the problem exists.

Leonardo