attn: DCB - reproducing Solaris ACL bug...

Michael Davidson michael_davidson at pacbell.net
Thu May 24 17:11:12 GMT 2001


> On Thu, 24 May 2001, Gerald Carter wrote:
> 
> > >     Can you email me a slightly larger code snippet?
> > >     I don't see this problem in bugtraq, and would
> > >     like to reproduce it here...
> > 
> > I can code up a reproducible test case and send it to you.  Will work
> > on that today.
> 
> ok.  This is beginning to get aggravating.  My sample code works
> fine... :-(  Let me dig back into lib/sysacls.c and see what I can
> find.  grr....
> 
> 

I saw your messages about the problems with default ACLs under Solaris,
and I constructed a test case similar to the one that you gave just to
see if the same problem existed on UnixWare and, just like you, the test
case works :-(

In the spirit of full disclosure I should admit that the Solaris / UnixWare
ACL code has had almost no testing - after a few minor tweaks it pretty
much 'worked first time' - John Terpstra and I tried a few simple things
with it, but we really didn't do any systematic testing of all of the
possibilities.

As I am sure you realise, the code for dealing with ACLs on directories
is unpleasant since the Solaris acl() system call sets both the access ACL
and the default ACL at the same time, but the POSIX ACL interface which
Jeremy chose to use allows them to be set independently, so any time
you try to set an ACL on a directory you always have to first of all
retrieve the ACL that was already there ...

I have stared at the code for quite a while and really can't see how
you could lose the individual group and user entries from the default
ACL without losing the *entire* default ACL, but I haven't actually
tried to debug this live so to speak.

A trace of all of the acl() system calls would be interesting ...

md
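
The read-merge-write step described in the message above, modelled as an added example (not part of the original post and not Samba's lib/sysacls.c code). The x_ names, flag values and sample entries are assumptions constructed for illustration.

```c
/* Simplified stand-in for a Solaris-style ACL entry. Names and values are
 * assumptions made for this example, not Samba's or the system header's. */
#define X_DEFAULT 0x1000 /* flag: entry belongs to the default ACL */
enum { X_USER_OBJ = 1, X_USER = 2, X_GROUP_OBJ = 4, X_GROUP = 8,
       X_CLASS_OBJ = 16, X_OTHER_OBJ = 32 };
typedef struct { int type, id, perm; } x_aclent;

/* Replace one half (side: 0 = access, X_DEFAULT = default) of the list read
 * back from a directory, keeping the other half. Returns count or -1. */
int x_merge(const x_aclent *cur, int ncur, const x_aclent *repl, int nrepl,
            int side, x_aclent *out, int cap)
{
    int n = 0;
    for (int i = 0; i < nrepl; i++) {
        if ((repl[i].type & X_DEFAULT) != side || n == cap)
            return -1; /* entry from the wrong half, or no room */
        out[n++] = repl[i];
    }
    for (int i = 0; i < ncur; i++) {
        if ((cur[i].type & X_DEFAULT) == side)
            continue; /* superseded by the replacement */
        if (n == cap)
            return -1;
        out[n++] = cur[i];
    }
    return n;
}

/* Count named user/group entries in the default ACL. */
int x_named_defaults(const x_aclent *acl, int n)
{
    int c = 0;
    for (int i = 0; i < n; i++)
        if ((acl[i].type & X_DEFAULT) && (acl[i].type & (X_USER | X_GROUP)))
            c++;
    return c;
}

/* Constructed sample data: existing directory ACL and a new access ACL. */
const x_aclent x_cur[] = {
    {X_USER_OBJ, 0, 7}, {X_GROUP_OBJ, 0, 5}, {X_OTHER_OBJ, 0, 5},
    {X_DEFAULT | X_USER_OBJ, 0, 7}, {X_DEFAULT | X_USER, 1001, 7},
    {X_DEFAULT | X_GROUP_OBJ, 0, 5}, {X_DEFAULT | X_GROUP, 2001, 5},
    {X_DEFAULT | X_CLASS_OBJ, 0, 7}, {X_DEFAULT | X_OTHER_OBJ, 0, 0},
};
const x_aclent x_new_access[] = {
    {X_USER_OBJ, 0, 7}, {X_USER, 1002, 6}, {X_GROUP_OBJ, 0, 5},
    {X_CLASS_OBJ, 0, 7}, {X_OTHER_OBJ, 0, 0},
};
x_aclent x_out[16]; /* scratch buffer for the merged list */
```

Counting the named default entries before and after a merge is a quick check for the symptom discussed in the thread; the model does not cover any entry ordering or validation the real system call requires.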



