The Samba-Bugzilla – Bug 8102
domuser can change ACL from his files over the network
Last modified: 2012-10-25 07:10:47 UTC
On a Windows 2003 system it is not allowed to change the ACLs from a normal domuser. The corresponding checkbox is grayed out on the ACL editor(only on client side). Therefore it impossible for the client to make changes on the ACL.
Connection the client to a SAMBA server shows a different behavior. The checkbox is active and the domuser can change the ACL.
In the meantime, Stefan Metzmacher has found the solution for this. It is the share acls that make the difference. Full control granted via the share acls enables acl setting remotely even on W2k3. Probably one of my test systems was not properly configured.
We're working on this.
Thanks for the bug report!
Update: I've talked to people from Microsoft at SambaXP, and it was not immediately clear how this is exactly supposed to work. MS will soon respond.
Created attachment 6666 [details]
Patch for master
This is a patch for master.
Stefan, can you take a look? This survives my initial testing.
Comment on attachment 6666 [details]
Patch for master
I've pushed this to autobuild
Created attachment 6682 [details]
Patch for v3-6-test
(In reply to comment #6)
> Created attachment 6682 [details]
> Patch for v3-6-test
Pushed to v3-6-test.
The patches do not apply to v3-5-test, the bug report is against 3.5.
Volker/Metze, is there a chance to get a backport for 3.5?
Metze, is there a chance to get a backport for 3.5?
Maybe for 3.5.12, I'm not sure if I have the time to do it for 3.5.11,
as the patches doesn't apply in 3.5.
I don't think this will make it into any 3.5 release anymore