Empty ACEs
Ken Cross
kcross at nssolutions.com
Thu May 22 12:02:09 GMT 2003
Samba-Folk:
POSIX ACLs require the 3 standard ACEs: USER_OBJ, GROUP_OBJ, and OTHER. But
if you clear all the ALLOW and DENY bits in the Security tab for a file,
Windows doesn't send them at all.
Currently, the ensure_canon_entry_valid routine in posix_acls.c makes sure
all 3 are valid. If they don't exist, it reads the existing ACE and uses
it.
That makes it impossible to, for example, clear all the bits for "Everyone"
(aka, OTHER). If you clear them all, Windows doesn't send any OTHER ACE and
ensure_canon_entry_valid replaces it with whatever was there before; hence
it's not changed.
There could be a number of ways to resolve this, but the way it is now
doesn't seem right.
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
More information about the samba-technical
mailing list