[linux-cifs-client] Odd behavior with cifs and setfacl (posix ACLs)
Rob Henderson
robh at cs.indiana.edu
Tue Feb 10 17:40:52 GMT 2009
We're using cifs to mount filesystems from a samba server using the unix
file extensions. We are using posix ACLs and are seeing very odd
behavior when setting ACLs using setfacl. The symptom is that setting
default acls on a directory kills other acl entries, and vise versa.
Here is a simple demonstration of the problem.
1. Create a directory and set a simple user acl:
% mkdir testdir
% setfacl -m user:testuser:rwx testdir
% getfacl --omit-header testdir
user::rwx
user:testuser:rwx
group::---
mask::rwx
other::---
2. Now set a default user acl which removes the acl set in step 1:
% setfacl -m default:user:testuser:rwx testdir
% getfacl --omit-header testdir
user::rwx
group::---
other::---
default:user::rwx
default:user:testuser:rwx
default:group::---
default:mask::rwx
default:other::---
3. We now try and put back the acl that was removed and that removes
the defaults!
% setfacl -m user:testuser:rwx testdir
% getfacl --omit-header testdir
user::rwx
user:testuser:rwx
group::---
mask::rwx
other::---
4. Okay, so now lets try and set them both at once but we only get the
defaults:
% setfacl -m user:testuser:rwx,default:user:testuser:rwx testdir
% getfacl --omit-header testdir
user::rwx
group::---
other::---
default:user::rwx
default:user:testuser:rwx
default:group::---
default:mask::rwx
default:other::---
5. What if we do it the other way around then we don't get the defaults:
% setfacl -m default:user:testuser:rwx,user:testuser:rwx testdir
% getfacl --omit-header testdir
user::rwx
user:testuser:rwx
group::---
mask::rwx
other::---
So, it really seems to only want me to set one or the other. I am able
to set them both using either the local filesystem or nfs and, once set,
I can see them properly via cifs. But, there seems to be some problem
with the setting of default acls via cifs.
Any thoughts?
BTW, my testing has been with RHEL4 and RHEL5 samba servers and RHEL5
clients (with both the stock 5.3 kernel and 2.6.18-129.el5.jtltest.60).
Thanks!
--Rob
More information about the linux-cifs-client
mailing list