Empty ACEs
Ken Cross
kcross at nssolutions.com
Thu May 22 12:14:49 GMT 2003
I entered this in Bugzilla as #106.
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From: Ken Cross [mailto:kcross at nssolutions.com]
> Sent: Thursday, May 22, 2003 8:02 AM
> To: 'Multiple recipients of list SAMBA-TECHNICAL'
> Subject: Empty ACEs
>
>
> Samba-Folk:
>
> POSIX ACLs require the 3 standard ACEs: USER_OBJ, GROUP_OBJ,
> and OTHER. But if you clear all the ALLOW and DENY bits in
> the Security tab for a file, Windows doesn't send them at all.
>
> Currently, the ensure_canon_entry_valid routine in
> posix_acls.c makes sure all 3 are valid. If they don't
> exist, it reads the existing ACE and uses it.
>
> That makes it impossible to, for example, clear all the bits
> for "Everyone" (aka, OTHER). If you clear them all, Windows
> doesn't send any OTHER ACE and ensure_canon_entry_valid
> replaces it with whatever was there before; hence it's not changed.
>
> There could be a number of ways to resolve this, but the way
> it is now doesn't seem right.
>
> Ken
> ________________________________
>
> Ken Cross
>
> Network Storage Solutions
> Phone 865.675.4070 ext 31
> kcross at nssolutions.com
>
More information about the samba-technical
mailing list