On Fri, Jan 30, 2009 at 01:53:08PM -0800, Jeremy Allison wrote:
> Volker's changes are correct, in that delete access in POSIX does not
> belong to a file itself, but to the containing directory. So really
> we should remove the DELETE_ACCESS bit from both the file and the
> directory ACL returned. This unfortunately breaks the fiction of
> a rwx permission mapping directly into Windows FULL_CONTROL. What
> your users can do with the file over Samba hasn't actually changed,
> if they have write access to the directory they can still delete
> the file, but the ACLs "look funny".
>
> I'll think some more about how we can restore the fiction for
> the users without having to use the experimental native ACL
> store.

I have a patch for this but the problem is that it's a harder problem than it looks (still working on the patch).

The issue is that whether a file can be deleted or not is a different issue to whether a particular ACL element has the DELETE bit set. A file can be deleted by an admin/root user, or by a user with se_restore privilege set, as well as by users matching an ACL entry. Currently the Samba code conflates the two cases, so I'm having to disentangle them at the same time.

This is an *interesting* change :-). I should have a final fix no later than Monday, but it might take me that long.

Just an FYI for people waiting on this fix.

Jeremy.