[Samba] Inheritable Permissions Issue
mfs
farhan.sarwar at gmail.com
Thu Apr 10 21:45:21 GMT 2008
Did you get to the root of the problem ?
David Eisner-2 wrote:
>
> On Thu, Feb 28, 2008 at 6:51 PM, David Eisner <deisner at gmail.com> wrote:
>
>> Permissions tab of the Advanced Security Settings dialog, whenever I
>> uncheck the "Allow inheritable permissions from the parent to
>> propagate to this object and all child objects" checkbox, and hit
>> Apply, the checkbox always returns to the checked state immediately.
>> It is never possible to get it into an unchecked state. Is this the
>> expected behavior?
>
>
> Just an update. I've been peering through the code trying to debug
> this problem. Here's what I've learned so far:
>
> 1. The value represented by the "inheritable permissions" checkbox is
> stored in the security descriptor's SE_DACL_PROTECTED control flag.
> [1] In the Samba code, these flags are stored in the SEC_DESC
> struct's "type" member.
>
> 2. set_nt_acl() (in smbd/posix_acls.c) is responsible for handling the
> request to set the security descriptor on the file. Among other
> things, it calls append_parent_acl(). This function is clobbering the
> SE_DESC_DACL_PROTECTED bit in psd->type. It has the correct value
> before the call, but it winds up getting cleared.
>
> 3. I see this comment inside append_parent_acl():
>
> /*
> * Note that we're ignoring "inherit permissions" here
> * as that really only applies to newly created files. JRA.
> */
>
> Is this a bug?
>
> I'll take a look at what's in git and do some more research.
>
> -David
>
> [1] http://tinyurl.com/2pt7nh
>
>
> --
> David Eisner http://cradle.brokenglass.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
--
View this message in context: http://www.nabble.com/Inheritable-Permissions-Issue-tp15748956p16618682.html
Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba
mailing list