ACL for a chmod on a cifs client to Windows server
David Collier-Brown
davecb at sun.com
Thu Jan 10 18:20:19 GMT 2008
Shirish Pargaonkar wrote:
> cifs client, when chmod command is issued, follows what
> SFU/Interix does. Is this the behaviour that cifs client
> should exhibit (that is how it is implemented currently)?
>
> The alternative behavior would be that all ACEs are preserved,
> except those for owner, owning group (if present), and
> everyone (those three would be overwritten by the mode bits).
>
> Regards,
>
> Shirish
>
>
> When doing a chmod on Interix, always the following is done:
> - all ACLs are removed and replaced by 3 new ACLs,
> one for the windows file owner, one for the group of the
> file owner and one for Everyone (SSID: S-1-1-0)
>
Solaris seems to do something different from either...
If you use chmod to change the file group owner permissions
on a file with ACL entries, both the file group owner per-
missions and the ACL mask are changed to the new permis-
sions. Be aware that the new ACL mask permissions may change
the effective permissions for additional users and groups
who have ACL entries on the file. Use the getfacl(1) command
to make sure the appropriate permissions are set for all ACL
entries.
... I tested this, as follows
froggy> touch foo
froggy> chacl joyce rw- foo # chacl is a script of mine, to mimic chmod
froggy> chacl jet rw- foo
froggy> ls -l foo
-rw-r--r--+ 1 davecb staff 0 Jan 10 13:09 foo
froggy> getfacl foo
# file: foo
# owner: davecb
# group: staff
user::rw-
user:joyce:rw- #effective:rw-
group::r-- #effective:r--
group:jet:rw- #effective:rw-
mask:rw-
other:r--
Ok, setfacl worked fine...
froggy> chmod g-r foo
froggy> getfacl foo
# file: foo
# owner: davecb
# group: staff
user::rw-
user:joyce:rw- #effective:-w-
group::--- #effective:---
group:jet:rw- #effective:-w-
mask:-w-
Mask changed from rw- to -w-, joyce and jety loat their r permission
because of it. They dn't lose their explicit eprmissions, joust
had them masked out.
--dave
--
David Collier-Brown | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at sun.com | -- Mark Twain
(800) 555-9786 x56583 cell: (647) 833-9377 home off: (416) 223-5943
More information about the samba-technical
mailing list