10.4.8 Server, AFP and ACLs
Hello all!
Before escalating I would like to have others take a look a this and confirm.
Setup:
- 10.4.8 Server, OD-master
- AFP Share: "Test"
- Usergroup: standard
AFP-Share "Test":
- Posix: ralph:standard, 644
- ACE: 0: group:standard allow list,add file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr, writeextattr,readsecurity,writesecurity,chown,file_inherit,directoryinherit (ie allow all)
- create Testfile in share:
anotheruser@server:/Volumes/Storage/Test$ touch testfile
anotheruser@server:/Volumes/Storage/Test$ ls -ale testfile
-rw-r--r-- + 1 anotheruser standard 0 31 Okt 11:20 testfile
0: group:standard inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,re adsecurity,writesecurity,chown
Ok, here we go:
a) chown testfile for a user of the group standard will succeed when ssh'ed to the server
b) chown testfile fails when working on a client computer that is bound to OD and mounts the share via afp.
----------------------------------------------
a)
testuser@client-comp$ ssh server
testuser@server$ chown testuser:standard /Volumes/Storage/Test/testfile
testuser@server$ ls -al /Volumes/Storage/Test/testfile
-rw-r--r-- + 1 testuser standard 0 31 Okt 11:20 testfile
b)
Computer bound to OD:
- 10.4.8
- testuser is a true OD user, not a local user
- log into client computer as testuser
- mount share via afp with testusers credentials
testuser@client-comp:~$ cd /Volumes/Test
testuser@client-comp:/Volumes/Test$ ls -ale testfile
-rw-r--r-- + 1 anotheruser standard 0 31 Okt 11:20 testfile
0: group:standard inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,re adsecurity,writesecurity,chown
testuser@client-comp:/Volumes/Test$ chown testuser:standard testfile
Permission denied
testuser@client-comp:/Volumes/Test$
Ooops!!!!!
This breaks saving in Freehand MX of opened and edited documents that you want to save and replace (Command-S).
Awaiting thoughts/confirmation before filing bug report.
-Ralph
Before escalating I would like to have others take a look a this and confirm.
Setup:
- 10.4.8 Server, OD-master
- AFP Share: "Test"
- Usergroup: standard
AFP-Share "Test":
- Posix: ralph:standard, 644
- ACE: 0: group:standard allow list,add file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr, writeextattr,readsecurity,writesecurity,chown,file_inherit,directoryinherit (ie allow all)
- create Testfile in share:
anotheruser@server:/Volumes/Storage/Test$ touch testfile
anotheruser@server:/Volumes/Storage/Test$ ls -ale testfile
-rw-r--r-- + 1 anotheruser standard 0 31 Okt 11:20 testfile
0: group:standard inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,re adsecurity,writesecurity,chown
Ok, here we go:
a) chown testfile for a user of the group standard will succeed when ssh'ed to the server
b) chown testfile fails when working on a client computer that is bound to OD and mounts the share via afp.
----------------------------------------------
a)
testuser@client-comp$ ssh server
testuser@server$ chown testuser:standard /Volumes/Storage/Test/testfile
testuser@server$ ls -al /Volumes/Storage/Test/testfile
-rw-r--r-- + 1 testuser standard 0 31 Okt 11:20 testfile
b)
Computer bound to OD:
- 10.4.8
- testuser is a true OD user, not a local user
- log into client computer as testuser
- mount share via afp with testusers credentials
testuser@client-comp:~$ cd /Volumes/Test
testuser@client-comp:/Volumes/Test$ ls -ale testfile
-rw-r--r-- + 1 anotheruser standard 0 31 Okt 11:20 testfile
0: group:standard inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,re adsecurity,writesecurity,chown
testuser@client-comp:/Volumes/Test$ chown testuser:standard testfile
Permission denied
testuser@client-comp:/Volumes/Test$
Ooops!!!!!
This breaks saving in Freehand MX of opened and edited documents that you want to save and replace (Command-S).
Awaiting thoughts/confirmation before filing bug report.
-Ralph
Other OS
