Problem with default ACLs

Olaf Fr±czyk olaf at cbk.poznan.pl
Tue Oct 9 08:44:30 GMT 2001


On 2001.10.05 22:49:10 +0200 Jeremy Allison wrote:
> 
> Ok - you can get the effect you need under 2.2.2 by adding
> the parameter "inherit permissions = Yes" to the share in
> question. This causes the initial mode_t to be inherited
> from the parent directory, which is essentially what you
> want.
Hi,

Sorry, for late reply, but I was travelling a bit.

If we have default acls then we should create a file in this way:

fd=open("test_touch", O_WRONLY | O_CREAT | O_NONBLOCK | O_NOCTTY,          
    S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);

This is exacltly, as it 'touch' does. And it is perfect.

To find out if parent directory has default acl we can use:

struct acl *test_acl;
test_acl=acl_get_file("ParentDirectoryName",ACL_TYPE_DEFAULT);
if(test_acl) /*The call was successful*/
    {
    if(test_acl->acl_cnt)
	{
	/*we have default ACL, new code here*/
	}
    else
	{
	/*we don't have default ACL, old code here*/
	}
    }
else
    {
    /* ACL are not supported, or an error occured, old code here */
    }

Sorry, I didn't send a patch, but I don't know samba code well,
and it is not easy to dig through it ;)

I have tried "inherit permissions" before I sent my email.
This doesn't work perfectly:

1.
The folder has permissions:
test_folder [u:olaf:---,u:piotr:rwx,g::rwx,u::rwx,o::---,m::rwx/u:olaf:---,u:piotr:rwx,g::rwx,u::rwx,o::---,m::rwx]
And the files created in this folder:
Under windows:
test_win_inherited.txt [u:olaf:---,u:piotr:rwx,g::rw-,u::rwx,o::---,m::rwx]
Under linux:
test_linux.txt [u:olaf:---,u:piotr:rwx,g::rwx,u::rw-,o::---,m::rw-]

So, as you see, there is mask with rw-. And the user 'piotr' doesn't have
permission to execute the file.
When created under windows, it has this right. This is true also for owner.

2.
For user,group.other, the inherited permissions are the normal permissions
of directory, not the default:
test_folder [o::rwx,u:piotr:rwx,g::rwx,u::rwx,m::rwx/o::---,g::rwx,u::rwx,m::rwx,u:piotr:---]
And files:
test2_linux.txt [o::---,g::rwx,u::rw-,m::rw-,u:piotr:---]
test2_win_inherited.txt [o::rw-,g::rw-,u::rwx,m::rwx,u:piotr:---]

Regards,

Olaf





More information about the samba-technical mailing list