Description of problem: AD user is able to change permission for administrator when accessing samba share.By logging in to a AD USER account it is allowing to change permission for administrator account.Which is not allowing any access to administrator to access directory for which USER has changed permission. Version-Release number of selected component (if applicable): samba-4.1.17-13.el7rhgs.x86_64 How reproducible: Always Steps to Reproduce: Scenario 1: 1. Login as an USER create a directory in samba share. eg. FOLDER_1 2. Set Read only permissions to FOLDER_1 for ADIMINISTRATOR 3. Login as an ADMINISTRATOR 4. Try to create a directory or text file in USER created directory i.e FOLDER_1. 5. Access denied. Scenario 2: 1. Login as an ADMINISTRATOR create a directory in samba share. eg. FOLDER_A 2. Set full access permission to FOLDER_A for USER. 3. Login as an USER. 4. Creare a directory FOLDER_U inside FOLDER_A. 5. Set Read only permissions to FOLDER_U for ADIMINISTRATOR 6. Login as an ADMINISTRATOR. 7. Try to create a directory or text file in USER created directory i.e FOLDER_U. 8. Access denied. Actual results: AD User able to change permission for Administrator. Expected results: AD User should not be able to change permissions for Administrator Additional info:
Closed the samba bugs in bulk when PM_Score was less than 0. As the team was working on few of them, opening all of them.