X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Sat, 9 Jan 2010 11:06:19 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: 1.7.1-1 noacl on samba share has incorrect directory write bit
Message-ID: <20100109100619.GK23992@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20100107180214 DOT GP23972 AT calimero DOT vinschen DOT de>  <4B462AFD DOT 8030809 AT fastmail DOT fm>  <20100107195022 DOT GQ23972 AT calimero DOT vinschen DOT de>  <4B463D68 DOT 1070906 AT fastmail DOT fm>  <20100107200946 DOT GR23972 AT calimero DOT vinschen DOT de>  <4B46431E DOT 7050101 AT fastmail DOT fm>  <20100108103215 DOT GB27916 AT calimero DOT vinschen DOT de>  <4B47626B DOT 4060104 AT fastmail DOT fm>  <4B4793BC DOT 10401 AT cygwin DOT com>  <4B481B64 DOT 4090502 AT fastmail DOT fm>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B481B64.4090502@fastmail.fm>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Jan  9 01:00, Raman Gupta wrote:
> On 01/08/2010 03:21 PM, Larry Hall (Cygwin) wrote:
> >On 01/08/2010 11:50 AM, Raman Gupta wrote:
> >>With the dro option, the latter would correctly remove the write bit on
> >>foo in /tmp/from_noacl.
> >
> >So perhaps you can explain why setting "acl" isn't the solution here?
> 
> Unfortunately, acl mode is unusable in a non-domain environment as
> all the files have ownership/permissions relative to the server
> user/group rather than the client workstation user/group.
> 
> Reference this mailing list discussion back in 2000:
> 
> http://sources.redhat.com/ml/cygwin/2000-12/msg00546.html
> 
> It appears this discussion is actually what led Corinna to add the
> smbntsec mount option. The issues are summarized well in this mail
> from Charles Wilson:
> 
> http://sources.redhat.com/ml/cygwin/2000-12/msg00756.html

The problems are mostely fixed.  I'm using this setting for a long
while now.  The ownership is the one of the UNIX user and group,
but that doesn't change the fact that you can read and change the
permissions.  You can even fetch the user and groups from the Samba
server using mkpasswd and mkgroup.  Looks like this in my environment:

  $ mkpasswd -L calimero -S_ -U root,corinna
  Unix User_root:unused:10000:99999:,S-1-22-1-0::
  Unix User_corinna:unused:10500:99999:,S-1-22-1-500::

  $ mkgroup -L calimero -S_ -U root,users
  Unix Group_root:S-1-22-2-0:10000:
  Unix Group_users:S-1-22-2-100:10100:


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple