8034 – SEC_STD_DELETE is always granted to the owner of a file

Bug 8034 - SEC_STD_DELETE is always granted to the owner of a file

Summary: SEC_STD_DELETE is always granted to the owner of a file

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.5
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	3.5.8
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-03-22 16:31 UTC by Stefan Metzmacher
Modified:	2011-03-25 19:50 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Backport Patches for v3-5-test (3.61 KB, patch) 2011-03-22 16:31 UTC, Stefan Metzmacher	jra: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2011-03-22 16:31:38 UTC

Created attachment 6339 [details]
Backport Patches for v3-5-test

On a Samba server the owner of a file can always delete
a file, even if the ACL (provided by the acl_xattr module)
doesn't grant SEC_STD_DELETE on the file and also not
FILE_DELETE_CHILD on the parent directory.

A Windows Server rejects the delete operation with ACCESS_DENIED
in that case.

That also matches [MS-DTYP] 2.5.3.2 Access Check Algorithm Pseudocode.

Comment 1 Jeremy Allison 2011-03-24 17:34:24 UTC

Comment on attachment 6339 [details]
Backport Patches for v3-5-test

Looks good to me ! An OEM also tested and confirmed good.
Jeremy.

Comment 2 Jeremy Allison 2011-03-24 17:35:00 UTC

Re-assigning to Karolin for inclusion in 3.5.next.
Jeremy.

Comment 3 Karolin Seeger 2011-03-25 19:50:37 UTC

Pushed to v3-5-test.
Closing out bug report.

Thanks!