[Samba] Inheritable Permissions Issue

mfs farhan.sarwar at gmail.com
Thu Apr 10 21:45:21 GMT 2008


Did you get to the root of the problem ?

David Eisner-2 wrote:
> 
> On Thu, Feb 28, 2008 at 6:51 PM, David Eisner <deisner at gmail.com> wrote:
> 
>>  Permissions tab of the Advanced Security Settings dialog, whenever I
>>  uncheck the "Allow inheritable permissions from the parent to
>>  propagate to this object and all child objects" checkbox, and hit
>>  Apply, the checkbox always returns to the checked state immediately.
>>  It is never possible to get it into an unchecked state. Is this the
>>  expected behavior?
> 
> 
> Just an update.  I've been peering through the code trying to debug
> this problem.  Here's what I've learned so far:
> 
> 1. The value represented by the "inheritable permissions" checkbox is
> stored in the security descriptor's SE_DACL_PROTECTED control flag.
> [1]  In the Samba code, these flags are stored in the SEC_DESC
> struct's "type" member.
> 
> 2. set_nt_acl() (in smbd/posix_acls.c) is responsible for handling the
> request to set the security descriptor on the file.  Among other
> things, it calls append_parent_acl().  This function is clobbering the
> SE_DESC_DACL_PROTECTED bit in psd->type.  It has the correct value
> before the call, but it winds up getting cleared.
> 
> 3. I see this comment inside append_parent_acl():
> 
>     /*
>      * Note that we're ignoring "inherit permissions" here
>      * as that really only applies to newly created files. JRA.
>      */
> 
> Is this a bug?
> 
> I'll take a look at what's in git and do some more research.
> 
> -David
> 
> [1] http://tinyurl.com/2pt7nh
> 
> 
> -- 
> David Eisner     http://cradle.brokenglass.com
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 

-- 
View this message in context: http://www.nabble.com/Inheritable-Permissions-Issue-tp15748956p16618682.html
Sent from the Samba - General mailing list archive at Nabble.com.



More information about the samba mailing list