On Jan 28, 2008, at 10:38 AM, Noah Abrahamson wrote:
On Jan 28, 2008, at 9:32 AM, James Peach wrote:
On Jan 27, 2008, at 5:10 PM, Noah Abrahamson wrote:
I'm working with MOSXS 10.5.1 and configuring Samba for
filesharing to my Windows users. It seems my Windows users can't
write to the root level of the sharepoint, when they should -- by
virtue of being in an ACL with full permission.
Let's say I map a drive using the account "its-testuser" on a
WinXPSP2 box. When that user tries to create a folder, the folder
is successfully created -- but the name can't be change from the
default "New Folder".
[snip]
I don't see any system calls that would indicate a rename. This
might imply that Samba is denying the rename, rather than the system
denying the rename. I'll see whether I can reproduce and get back to
you.
The workaround is to append the following lines to /etc/smb.conf:
[global]
acl check permissions = no
See smb.conf(8) for a detailed explanation of what Samba is trying to
do. the problem arises because Darwin ACLs are closer to Windows ACLs
that to POSIX ACLs, so Samba doesn't quite get the access check
correct on Darwin.
I think that there is a code path to the POSIX ACL check that is not
guarded by "acl check permissions", so I'm not guaranteeing that this
workaround is 100%.
