Bug 9403 - samba-tool ntacl: could not set ACL that contains a Deny ACE
samba-tool ntacl: could not set ACL that contains a Deny ACE
Status: NEW
Product: Samba 4.0
Classification: Unclassified
Component: File services
4.0.0rc2
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-15 13:35 UTC by Tobias Peters
Modified: 2012-11-15 13:35 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Peters 2012-11-15 13:35:23 UTC
Using the Windows 7 explorer the following NTACL was set on a folder in a 
share served by Samba4 RC2

root@master:~# samba-tool ntacl get --as-sddl  /myshare/folder1
O:S-1-5-21-2159416005-224523052-165761012-1549G:DUD:
(A;OICI;0x001f01ff;;;S-1-5-21-2159416005-224523052-165761012-1549)
(A;OICI;0x001200a9;;;DU)(A;OICI;       0x001200a9;;;WD)(A;;0x001200a9;;;DU)
(A;;0x001f01ff;;;S-1-5-21-2159416005-224523052-165761012-1549)
(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)

Trying to set this SDDL results in the following error:

root@master:~# samba-tool ntacl set 
'O:S-1-5-21-2159416005-224523052-165761012-1549G:DUD:AI(D;OICI;RPCRDCLC;;;DU)
(A;ID;0x001f01ff;;;S-1-5-21-2159416005-224523052-165761012-1549)
(A;OICIIOID;0x001f01ff;;;CO)(A;ID;0x001200a9;;;DU)(A;OICIIOID;0x001200a9;;;CG)
(A;OICIID;0x001200a9;;;WD)' /myshare/folder2
add_current_ace_to_acl: malformed ACL in file ACL ! Deny entry after Allow 
entry. Failing to set on file /myshare/folder2.