Bug 8034 - SEC_STD_DELETE is always granted to the owner of a file
Summary: SEC_STD_DELETE is always granted to the owner of a file
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: File services
Version: 3.5.8
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2011-03-22 16:31 UTC by Stefan Metzmacher
Modified: 2011-03-25 19:50 UTC

Backport Patches for v3-5-test (3.61 KB, patch)
2011-03-22 16:31 UTC, Stefan Metzmacher
jra: review+

Description Stefan Metzmacher 2011-03-22 16:31:38 UTC
Created attachment 6339
Backport Patches for v3-5-test

On a Samba server the owner of a file can always delete
a file, even if the ACL (provided by the acl_xattr module)
grants neither SEC_STD_DELETE on the file nor
FILE_DELETE_CHILD on the parent directory.

A Windows Server rejects the delete operation with ACCESS_DENIED
in that case.

That also matches [MS-DTYP] Access Check Algorithm Pseudocode.
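
The expected behaviour described in this report, as an added example that is not part of the bug report or of Samba's code: a simplified access check in the spirit of the [MS-DTYP] pseudocode, in which ownership implies only READ_CONTROL and WRITE_DAC, so a delete must be granted by an ACE on the file or on the parent directory. Assumptions: SIDs are reduced to integers (`sid_t`), group SIDs, inheritance, privileges and the OWNER RIGHTS SID are left out, and the struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Access mask bits (standard Windows values, named as in Samba). */
#define FILE_READ_DATA       0x00000001u
#define FILE_DELETE_CHILD    0x00000040u
#define SEC_STD_DELETE       0x00010000u
#define SEC_STD_READ_CONTROL 0x00020000u
#define SEC_STD_WRITE_DAC    0x00040000u
typedef int sid_t;   /* assumption: a SID reduced to an integer */
struct ace { bool allow; sid_t sid; uint32_t mask; };
struct sd  { sid_t owner; const struct ace *dacl; size_t num_aces; };

/* True only if every bit in `desired` is granted. Being the owner implies
 * READ_CONTROL and WRITE_DAC, nothing else, so DELETE needs an allow ACE. */
bool access_check(const struct sd *sd, sid_t user, uint32_t desired)
{
    uint32_t remaining = desired;
    if (user == sd->owner)
        remaining &= ~(SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC);
    for (size_t i = 0; i < sd->num_aces && remaining != 0; i++) {
        const struct ace *a = &sd->dacl[i];
        if (a->sid != user) continue;                          /* ACE is for someone else */
        if (!a->allow && (a->mask & remaining)) return false;  /* explicit deny wins */
        if (a->allow) remaining &= ~a->mask;                   /* clear granted bits */
    }
    return remaining == 0;
}

/* Delete needs DELETE on the file or FILE_DELETE_CHILD on the parent. */
bool can_delete(const struct sd *file, const struct sd *parent, sid_t user)
{
    return access_check(file, user, SEC_STD_DELETE) ||
           access_check(parent, user, FILE_DELETE_CHILD);
}

/* Constructed sample data: user 1000 owns everything, ACLs grant read only. */
const struct ace read_only[] = { { true, 1000, FILE_READ_DATA } };
const struct ace del_child[] = { { true, 1000, FILE_DELETE_CHILD } };
const struct sd file_sd      = { 1000, read_only, 1 };
const struct sd dir_sd       = { 1000, read_only, 1 };
const struct sd dir_sd_child = { 1000, del_child, 1 };

int main(void)
{
    printf("owner, no delete rights: %d\n", can_delete(&file_sd, &dir_sd, 1000));
    printf("FILE_DELETE_CHILD on parent: %d\n", can_delete(&file_sd, &dir_sd_child, 1000));
    return 0;
}
```
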
Comment 1 Jeremy Allison 2011-03-24 17:34:24 UTC
Comment on attachment 6339
Backport Patches for v3-5-test

Looks good to me! An OEM also tested and confirmed good.
Comment 2 Jeremy Allison 2011-03-24 17:35:00 UTC
Re-assigning to Karolin for inclusion in 3.5.next.
Comment 3 Karolin Seeger 2011-03-25 19:50:37 UTC
Pushed to v3-5-test.
Closing out bug report.