eduardok / libsmbclient-php

smbclient's extension for PHP

Setting 'system.nt_sec_desc.*+' manually causes reorder of ACL's and Security Descriptor CONTROL flag #74

Open szaqal83 opened 4 years ago

szaqal83 commented 4 years ago

Creating dir on Win2k8R2 like this:

smbclient_mkdir($state, $share, 0700);

without setting `system.nt_sec_desc.*+`, smbcacls outputs:

```
REVISION:1 CONTROL:SR|DI|DP OWNER:BUILTIN\Administrators GROUP:PUW\Domain Users ACL:BUILTIN\Administrators:ALLOWED/I/FULL ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL ACL:PUW\Gr_Administratorzy_Merkury:ALLOWED/OI|CI|I/FULL ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL ACL:BUILTIN\Administrators:ALLOWED/OI|CI|IO|I/FULL
```

but when I'm setting `system.nt_sec_desc.*+` manually:

```php
// ACE flags given in decimal: 16 = I, 19 = OI|CI|I, 27 = OI|CI|IO|I
$acls = array(
    'ACL:BUILTIN\Administrators:ALLOWED/16/FULL',
    'ACL:CREATOR OWNER:ALLOWED/27/FULL',
    'ACL:PUW\Gr_Administratorzy_Merkury:ALLOWED/19/FULL',
    'ACL:NT AUTHORITY\SYSTEM:ALLOWED/19/FULL',
    'ACL:BUILTIN\Administrators:ALLOWED/27/FULL'
);

smbclient_mkdir($state, $share, 0700);

smbclient_setxattr($state, $share, 'system.nt_sec_desc.*+', implode(',', $acls));
```

smbcacls outputs:

```
REVISION:1 CONTROL:SR|DP OWNER:BUILTIN\Administrators GROUP:PUW\Domain Users ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL ACL:BUILTIN\Administrators:ALLOWED/I/FULL ACL:BUILTIN\Administrators:ALLOWED/OI|CI|IO|I/FULL ACL:PUW\Gr_Administratorzy_Merkury:ALLOWED/OI|CI|I/FULL
```

The CONTROL flag lost DI, and the ACLs are in a different order; changing the order of the ACLs in the array doesn't have any effect. The first and second share permissions look the same in Windows 10. Creating a subdir in the second share causes a Windows alert about permissions order.

eduardok commented 4 years ago

Please check if the behaviour is the same when running the command line utility smbclient: `smbclient //yourserver/sharename -U domain\\username`. Then use `mkdir` and `chmod`.

szaqal83 commented 4 years ago

chmod doesn't work in my case because `chmod 0777 ctest` results in `Server doesn't support UNIX CIFS calls`.

Some similar issues (issue, issue, issue) were reported for smbcacls / samba-tool: after any call of smbcacls with `-a` | `-M` | `-D` (add, change, delete), the inheritance flag DI is lost. Before ACL modifications smbcacls shows `CONTROL:SR|DI|DP` (numeric 0x8404); after calling smbcacls with `-a` | `-M` | `-D` (even if no real ACL modification is made, e.g. a fake user ACL add) it shows `CONTROL:SR|DP` (numeric 0x8004): the SEC_DESC_DACL_AUTO_INHERITED flag 0x0400 is lost.

Checked on Debian 10.1 (smbcacls 4.9.5) and Ubuntu 20.04 (smbcacls 4.11.6); from those systems I've been setting ACLs for a remote share on Win2012r2. I've even tried to change ACLs on a Win10 share and got exactly the same results, so I think it's not a Win2012r2 or libsmbclient-php issue but some Samba-related problem.
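The two observations above (the reordered ACEs in the first comment and the CONTROL value going from 0x8404 to 0x8004 in this one) can be checked mechanically instead of by eye. The following is an added example, not code from the issue or from libsmbclient-php: it parses the one-line smbcacls dumps quoted in the issue, decodes the CONTROL and ACE-flag bits using the winnt.h values (the numeric ACE flags 16/19/27 from the PHP array are the same bitmask in decimal), and diffs a before/after pair so that a lost DI flag or a changed ACE order shows up as a field, not as a long string to compare. It is written in Python rather than PHP because it only post-processes smbcacls text; the `SMBCACLS_ABBREV` table covers the three abbreviations that appear on this page, and any other set bit is shown as hex rather than guessed.

```python
"""Decode and diff smbcacls security-descriptor dumps (added example)."""
import re
from dataclasses import dataclass

# SECURITY_DESCRIPTOR_CONTROL bits (winnt.h SE_* names).
CONTROL_BITS = {
    0x0001: "SE_OWNER_DEFAULTED",
    0x0002: "SE_GROUP_DEFAULTED",
    0x0004: "SE_DACL_PRESENT",            # smbcacls prints DP
    0x0008: "SE_DACL_DEFAULTED",
    0x0010: "SE_SACL_PRESENT",
    0x0020: "SE_SACL_DEFAULTED",
    0x0100: "SE_DACL_AUTO_INHERIT_REQ",
    0x0200: "SE_SACL_AUTO_INHERIT_REQ",
    0x0400: "SE_DACL_AUTO_INHERITED",     # smbcacls prints DI (the flag lost in the issue)
    0x0800: "SE_SACL_AUTO_INHERITED",
    0x1000: "SE_DACL_PROTECTED",
    0x2000: "SE_SACL_PROTECTED",
    0x4000: "SE_RM_CONTROL_VALID",
    0x8000: "SE_SELF_RELATIVE",           # smbcacls prints SR
}
# smbcacls abbreviations seen in the issue: 0x8404 == SR|DI|DP, 0x8004 == SR|DP.
SMBCACLS_ABBREV = {0x8000: "SR", 0x0400: "DI", 0x0004: "DP"}

# ACE header flags (winnt.h). The decimal form accepted by libsmbclient is this
# bitmask, which is why the issue's array uses 16 (I), 19 (OI|CI|I), 27 (OI|CI|IO|I).
ACE_FLAG_BITS = {0x01: "OI", 0x02: "CI", 0x04: "NP", 0x08: "IO", 0x10: "I"}

# Sample input: the two dumps quoted in the issue (before and after setxattr).
BEFORE = (r"REVISION:1 CONTROL:SR|DI|DP OWNER:BUILTIN\Administrators GROUP:PUW\Domain Users "
          r"ACL:BUILTIN\Administrators:ALLOWED/I/FULL ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL "
          r"ACL:PUW\Gr_Administratorzy_Merkury:ALLOWED/OI|CI|I/FULL "
          r"ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL "
          r"ACL:BUILTIN\Administrators:ALLOWED/OI|CI|IO|I/FULL")
AFTER = (r"REVISION:1 CONTROL:SR|DP OWNER:BUILTIN\Administrators GROUP:PUW\Domain Users "
         r"ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL "
         r"ACL:BUILTIN\Administrators:ALLOWED/I/FULL "
         r"ACL:BUILTIN\Administrators:ALLOWED/OI|CI|IO|I/FULL "
         r"ACL:PUW\Gr_Administratorzy_Merkury:ALLOWED/OI|CI|I/FULL")
# The $acls array from the issue, with decimal ACE flags.
ISSUE_ACLS = [
    r"ACL:BUILTIN\Administrators:ALLOWED/16/FULL",
    r"ACL:CREATOR OWNER:ALLOWED/27/FULL",
    r"ACL:PUW\Gr_Administratorzy_Merkury:ALLOWED/19/FULL",
    r"ACL:NT AUTHORITY\SYSTEM:ALLOWED/19/FULL",
    r"ACL:BUILTIN\Administrators:ALLOWED/27/FULL",
]


@dataclass(frozen=True)
class Ace:
    trustee: str
    kind: str          # ALLOWED or DENIED
    flags: frozenset   # subset of ACE_FLAG_BITS values
    mask: str          # FULL, READ, ... or a hex mask as printed by smbcacls


def decode_control(bits: int) -> set:
    """Map a numeric CONTROL value (e.g. 0x8404) to winnt.h flag names."""
    return {name for bit, name in CONTROL_BITS.items() if bits & bit}


def control_to_abbrev(bits: int) -> set:
    """Render a numeric CONTROL value the way smbcacls abbreviates it; bits without
    a known abbreviation are kept as hex so nothing is silently dropped."""
    return {SMBCACLS_ABBREV.get(bit, hex(bit)) for bit in CONTROL_BITS if bits & bit}


def parse_ace_flags(text: str) -> frozenset:
    """Accept either the symbolic form 'OI|CI|I' or the decimal form '19'."""
    if text.isdigit():
        bits = int(text)
        return frozenset(n for b, n in ACE_FLAG_BITS.items() if bits & b)
    return frozenset(text.split("|")) if text else frozenset()


def parse_ace(entry: str) -> Ace:
    """Parse 'TRUSTEE:ALLOWED/FLAGS/MASK', with or without a leading 'ACL:'."""
    if entry.startswith("ACL:"):
        entry = entry[4:]
    trustee, _, rest = entry.rpartition(":")
    kind, flags, mask = rest.split("/")
    return Ace(trustee, kind, parse_ace_flags(flags), mask)


def parse_sd(dump: str) -> dict:
    """Parse a one-line smbcacls dump. The trustee 'CREATOR OWNER' contains a space
    followed by 'OWNER:', so the field split must not fire there."""
    tokens = re.split(r"(?<!CREATOR)\s+(?=(?:REVISION|CONTROL|OWNER|GROUP|ACL):)", dump.strip())
    sd = {"aces": []}
    for tok in tokens:
        key, _, value = tok.partition(":")
        if key == "REVISION":
            sd["revision"] = int(value)
        elif key == "CONTROL":
            sd["control"] = set(value.split("|"))
        elif key in ("OWNER", "GROUP"):
            sd[key.lower()] = value
        elif key == "ACL":
            sd["aces"].append(parse_ace(value))
    return sd


def canonical_order_ok(aces) -> bool:
    """Windows canonical DACL order: explicit DENIED, explicit ALLOWED, then inherited.
    Windows also orders inherited ACEs by distance from the parent, which a flat dump
    does not show, so this is a necessary check only."""
    rank = lambda a: 2 if "I" in a.flags else (0 if a.kind == "DENIED" else 1)
    ranks = [rank(a) for a in aces]
    return ranks == sorted(ranks)


def compare_descriptors(before: dict, after: dict) -> dict:
    """Report what a set-then-read round trip changed."""
    return {
        "lost_control": before["control"] - after["control"],
        "gained_control": after["control"] - before["control"],
        "same_ace_set": set(before["aces"]) == set(after["aces"]),
        "order_changed": before["aces"] != after["aces"],
        "canonical_after": canonical_order_ok(after["aces"]),
    }


if __name__ == "__main__":
    print(compare_descriptors(parse_sd(BEFORE), parse_sd(AFTER)))
    print(sorted(control_to_abbrev(0x8404)), sorted(control_to_abbrev(0x8004)))
```

For the two dumps from the issue the report is `lost_control == {'DI'}`, `same_ace_set == True` and `order_changed == True`, which is exactly the symptom described: the ACE set round-trips intact, the order does not, and the DACL_AUTO_INHERITED bit is dropped. Running `parse_ace` over the `$acls` array yields the same five ACEs as the first dump, so the decimal flags in the array are not the cause.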

eduardok commented 3 years ago

Is that share the user's profile one? Or just some generic share?

szaqal83 commented 3 years ago

My main test case was changing ACLs for an AD user home dir, but it also occurs on generic shares; as I've mentioned before, even smbcacls causes this behaviour, so I think it is a deeper problem, not your lib ;)

kratzersmz commented 3 years ago

Hi, any news on this?

greets

eduardok commented 3 years ago

@kratzersmz, just to make it clear: since this issue is already observed on libsmbclient itself, we won't take any action unless one of you / @szaqal83 has a way to clearly reproduce it (e.g. provide me all the commands); then I could try to help. Also, what Samba (libsmbclient) version are you guys on? What distribution (curious)?

szaqal83 commented 3 years ago

I'm using Debian 10 (64bit), PHP 8.0.1, libsmbclient 4.9.5.

Steps to reproduce:

  1. Create a simple share on Win10 or Win2012r2.
  2. Ensure that inheritance is enabled; if not, enable it (in share Security -> Advanced properties).
  3. Check the ACL, for example using smbcacls or a similar tool: `smbcacls //x.x.x.x/home /test -U user -W XYZ -m SMB2` (there should be DI in `CONTROL:SR|DI|DP`).
  4. Then, using a PHP script, get and set the share ACLs without any mods: `$acls = smbclient_getxattr($state, $share, 'system.nt_sec_desc.*+'); smbclient_setxattr($state, $share, 'system.nt_sec_desc.*+', $acls);`
  5. Once again check the ACLs using smbcacls; result: DI lost!