[Samba] 3.0.24 and disappearing ACL entries

[Aaron Kincer]

I've been working at this for a few days now and I can't figure out what 
is broken. Google turns up similar issues from years back, but I hope 
this is a bug resurfacing. ACL entries are being deleted when files are 
saved. Here is an example:

username: user1
group membership: Domain Users
directory: /share/test
file: test.xls
getfacl /share

# file: share
# owner: DOMAIN+backupuser
# group: DOMAIN+domain\040users
user::rwx
user:DOMAIN+backupuser:rwx
group::rwx
group:DOMAIN+domain\040users:rwx
mask::rwx
other::rwx

getfacl /share/test

# file: share/test
# owner: DOMAIN+backupuser
# group: DOMAIN+domain\040admins
user::rwx
group::rwx
group:DOMAIN+domain\040users:rwx
group:DOMAIN+domain\040admins:rwx
mask::rwx
other::rwx

getfacl /share/test/test.xls

# file: test.xls
# owner: DOMAIN+backupuser
# group: DOMAIN+domain\040admins
user::rwx
user:DOMAIN+backupuser:rwx
group::rwx
group:DOMAIN+domain\040users:rwx
group:DOMAIN+domain\040admins:rwx
mask::rwx
other::rwx

If user1 opens the file in excel, makes a change and saves it, then the 
facl for test.xls becomes:

# file: test.xls
# owner: DOMAIN+user1
# group: DOMAIN+domain\040users
user::rwx
user:DOMAIN+backupuser:rwx
group::rwx
group:DOMAIN+domain\040admins:rwx
mask::rwx
other::rwx

The entry for Domain Users was deleted. Note that I have the default 
group other set to rwx as a work around because it causes users to be 
locked out of their files. If you want to see something really strange, 
you should see what happens if I change the file and group owner back to 
what it was before user1 modified it and let user1 save it again. But 
for now, I need to know how to fix this. Anyone have any ideas? My 
config from 3.0.22 didn't change, but I've tried a variety of things to 
fix this. I've got these all set:

      [global]

       store dos attributes = Yes
       dos filemode = Yes
       dos filetime resolution = Yes
       acl compatibility = yes
       ea support = Yes
       map acl inherit = yes
       inherit permissions = Yes
       inherit acls = Yes
     
       [test]

       comment = test drive
       path = /share/test
       read only = No
       create mask = 0777
       directory mask = 0777
       guest ok = Yes
       map readonly = permissions
       nt acl support = yes
       inherit acls = yes
      
Any ideas would be greatly appreciated.

Thanks,

Aaron Kincer

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba