Empty ACEs

jra at dp.samba.org jra at dp.samba.org
Wed May 28 20:26:31 GMT 2003


On Thu, May 22, 2003 at 08:02:09AM -0400, Ken Cross wrote:
> Samba-Folk:
> 
> POSIX ACLs require the 3 standard ACEs: USER_OBJ, GROUP_OBJ, and OTHER.  But
> if you clear all the ALLOW and DENY bits in the Security tab for a file,
> Windows doesn't send them at all.
> 
> Currently, the ensure_canon_entry_valid routine in posix_acls.c makes sure
> all 3 are valid.  If they don't exist, it reads the existing ACE and uses
> it.
> 
> That makes it impossible to, for example, clear all the bits for "Everyone"
> (aka, OTHER).  If you clear them all, Windows doesn't send any OTHER ACE and
> ensure_canon_entry_valid replaces it with whatever was there before; hence
> it's not changed.
> 
> There could be a number of ways to resolve this, but the way it is now
> doesn't seem right.

I just applied a fix for this to the SAMBA_3_0 CVS tree. If you could
check it out I'd appreciate it.

Thanks,

	Jeremy.



More information about the samba-technical mailing list