[linux-cifs-client] Odd behavior with cifs and setfacl (posix ACLs)

Rob Henderson robh at cs.indiana.edu
Tue Feb 10 17:40:52 GMT 2009 

We're using cifs to mount filesystems from a samba server using the unix 
file extensions.  We are using posix ACLs and are seeing very odd 
behavior when setting ACLs using setfacl.  The symptom is that setting 
default acls on a directory kills other acl entries, and vise versa.   
Here is a simple demonstration of the problem.

1.  Create a directory and set a simple user acl:

    % mkdir testdir
    % setfacl -m user:testuser:rwx testdir
    % getfacl --omit-header testdir
    user::rwx
    user:testuser:rwx
    group::---
    mask::rwx
    other::---

2. Now set a default user acl which removes the acl set in step 1:

    % setfacl -m default:user:testuser:rwx testdir
    % getfacl --omit-header testdir
    user::rwx
    group::---
    other::---
    default:user::rwx
    default:user:testuser:rwx
    default:group::---
    default:mask::rwx
    default:other::---

3.  We now try and put back the acl that was removed and that removes 
the defaults!

    % setfacl -m user:testuser:rwx testdir
    % getfacl --omit-header testdir
    user::rwx
    user:testuser:rwx
    group::---
    mask::rwx
    other::---

4.  Okay, so now lets try and set them both at once but we only get the 
defaults:

    % setfacl -m user:testuser:rwx,default:user:testuser:rwx testdir
    % getfacl --omit-header testdir
    user::rwx
    group::---
    other::---
    default:user::rwx
    default:user:testuser:rwx
    default:group::---
    default:mask::rwx
    default:other::---

5.  What if we do it the other way around then we don't get the defaults:

    % setfacl -m default:user:testuser:rwx,user:testuser:rwx testdir
    % getfacl --omit-header testdir
    user::rwx
    user:testuser:rwx
    group::---
    mask::rwx
    other::---

So, it really seems to only want me to set one or the other.  I am able 
to set them both using either the local filesystem or nfs and, once set, 
I can see them properly via cifs.  But, there seems to be some problem 
with the setting of default acls via cifs.

Any thoughts?

BTW, my testing has been with RHEL4 and RHEL5 samba servers and RHEL5 
clients (with both the stock 5.3 kernel and 2.6.18-129.el5.jtltest.60).

Thanks!

 --Rob

More information about the linux-cifs-client mailing list