Modification of ACL using NT breaks default ACL on Solaris

Jeremy Allison jeremy at valinux.com
Wed Apr 25 22:43:07 GMT 2001 

Johannes Tyve wrote:
> 
> Directory from Solaris:
> 
> jste at sys7:test> getfacl folder/
> 
> # file: folder/
> # owner: ntsysadm
> # group: adb
> user::rwx
> user:katta:rwx          #effective:rwx
> user:jste:rwx           #effective:rwx
> user:andlag:rwx         #effective:rwx
> group::r-x              #effective:r-x
> mask:rwx
> other:r-x
> default:user::rwx
> default:user:katta:rwx
> default:user:jste:rwx
> default:user:andlag:rwx
> default:group::r--
> default:mask:r--
> default:other:r--
> 
> I NT Security / Permissions:
> 
> Everyone        Special Access (RX) (R)
> SYS7\adb        Special Access (RX) (R)
> SYS7\andlag     Special Access (RWX)(R)
> SYS7\jste       Special Access (RWX)(R)
> SYS7\katta      Special Access (RWX)(R)
> SYS7\ntsysadm   Special Access (RWX)(RWX)
> 
> Not changing anything, only press OK button
> 
> Solaris permissions:
> 
> jste at sys7:test> getfacl folder/
> 
> # file: folder/
> # owner: ntsysadm
> # group: adb
> user::rwx
> user:katta:rwx          #effective:rwx
> user:jste:rwx           #effective:rwx
> user:andlag:rwx         #effective:rwx
> group::r-x              #effective:r-x
> mask:rwx
> other:r-x
> default:user::rwx
> default:group::r--
> default:mask:r--
> default:other:r--
> 
> I NT Security / Permissions:
> 
> Everyone        Special Access (RX) (R)
> SYS7\adb        Special Access (RX) (R)
> SYS7\andlag     Special Access (RWX)*(Nothing)
> SYS7\jste       Special Access (RWX)*(Nothing)
> SYS7\katta      Special Access (RWX)*(Nothing)
> SYS7\ntsysadm   Special Access (RWX)(RWX)
> 

Ok - I've just tried this on Linux using the latest CVS
for 2.2, and I can't reproduce it. What happens to me is
that the default perms get rewritten after changing the mask
to rwx and masking out the current default perms (as expected,
as NT knows nothing about masks).

This looks like a bug in the Solaris lib/sysacl.c layer,
which I can't easily test without access to a Solaris box.

Anyone (DaveCB ?) with access to a Solaris 8 box want to
test this using CVS 2.2 latest ?

Thanks,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

More information about the samba-technical mailing list