Problems with ACLs in 2.2.8

Buck Huppmann buckh at
Wed Apr 2 03:07:46 GMT 2003

On Tue, Apr 01, 2003 at 02:54:27PM +0200, Michael Steffens wrote:

> From my understanding Samba has no other choice than inserting missing
> object ACEs, because it's impossible to set a POSIX ACL without. The
> crucial point not being whether, but what to insert. What does the
> client intend when sending an ACL without object entries?

sorry. i should have guessed there was some Windows idiosyncracy you
all were working around before i went and #if-ed out all your code.
since i haven't been using samba with MS Office running on Win2k, i
can't comment on your findings, so i should probably bow out, but
for those of us who are fortunate enough to be using platforms that
don't have the savvy to reset ACLs brokenly when creating temp files,
it'd be nice if there was an option not to have the Win2k workaround
foisting permissions on us we're trying to get rid of. e.g., can the
current_posix_acl stuff be skipped if nt4_compatible_acls()?

that all said, i think this bit is incorrect:

               if (setting_acl) {
                        if (got_current_grp) {
                                pace->perms = current_grp_perms;
                        } else {
                                /* If we only got an "everyone" perm, * just use that. */
                                if (got_other)
                                        pace->perms = pace_other->perms;
                                        pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
                        apply_default_perms(fsp, pace, S_IRGRP);
                } else {
                        pace->perms =
unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);

i.e., in the fall-through case there, rather than assigning the result
of unix_perms_to_acl_perms(), it should be zero, just like the default
for the user perm (not shown), although you'll almost certainly always
have got_current_grp

sorry to rant. i appreciate you guys have a rough go of it, trying to
keep pace with Microsoft's ``innovations'' like half-a*ed ACLs, so i'm
really grateful and thank you

More information about the samba-technical mailing list