BUG: Propagating ACLs down a directory tree only works for onele vel per attempt

Jim McDonough jmcd at us.ibm.com
Tue Apr 8 00:51:43 GMT 2003 




What level?  Seems to me Jeremy and I already saw this one once...

----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

jmcd at us.ibm.com
jmcd at samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984



|---------+------------------------------------------------------>
|         |           jra at dp.samba.org                           |
|         |           Sent by:                                   |
|         |           samba-technical-bounces+jmcd=samba.org at list|
|         |           s.samba.org                                |
|         |                                                      |
|         |                                                      |
|         |           04/07/2003 05:54 PM                        |
|         |                                                      |
|---------+------------------------------------------------------>
  >----------------------------------------------------------------------------------------------|
  |                                                                                              |
  |       To:       Marc Kaplan <MKaplan at snapappliance.com>                                      |
  |       cc:       samba-technical at lists.samba.org                                              |
  |       Subject:  Re: BUG: Propagating ACLs down a directory tree only works for one le vel per|
  |        attempt                                                                               |
  |                                                                                              |
  >----------------------------------------------------------------------------------------------|




On Mon, Apr 07, 2003 at 02:50:13PM -0700, Marc Kaplan wrote:
> Hello List:
>
> So I have a directory tree like this:
>
> SHARE1
>       |->DirA
>               |-->DirB
>                   |-->DirC
>
> So, DirA is a subdir of SHARE1 (which is a share), DirB is a subdir of
DirA,
> and DirC is a subdir of DirB.
>
> When I use Win2k Advanced permissions tab to "Reset permissions on all
child
> objects and enable propagation of inheritable permissions" on DirA, the
> behavior I see is that the permission is only propagated down a single
level
> to DirB and NOT to DirC.
>
> The very interesting thing is that if after running the propagation once,
I
> click the "Reset permissions..." button again, it will propagate to DirC.
So
> if I have a 100 level directory tree, I will have to click the "Reset
> permissions..." button 100 times :).
>
> I have an Ethereal trace of this failed propagation for the directory
> structure above on Win2k->Samba and a comparative Ethereal trace of this
> operation succeeding on Win2k->Win2k. I didn't attach it (it's a pretty
> large trace), but I can send it to anyone who wants it.

Thanks Marc,

             Now the security fix is out I'm going to concentrate for a
while
on getting the ACL inheritance code working. I'll ping you if I can't
reproduce this myself, but it should be pretty easy to reproduce.

Thanks,

             Jeremy.

More information about the samba-technical mailing list