Empty ACEs
jra at dp.samba.org
jra at dp.samba.org
Wed May 28 20:26:31 GMT 2003
On Thu, May 22, 2003 at 08:02:09AM -0400, Ken Cross wrote:
> Samba-Folk:
>
> POSIX ACLs require the 3 standard ACEs: USER_OBJ, GROUP_OBJ, and OTHER. But
> if you clear all the ALLOW and DENY bits in the Security tab for a file,
> Windows doesn't send them at all.
>
> Currently, the ensure_canon_entry_valid routine in posix_acls.c makes sure
> all 3 are valid. If they don't exist, it reads the existing ACE and uses
> it.
>
> That makes it impossible to, for example, clear all the bits for "Everyone"
> (aka, OTHER). If you clear them all, Windows doesn't send any OTHER ACE and
> ensure_canon_entry_valid replaces it with whatever was there before; hence
> it's not changed.
>
> There could be a number of ways to resolve this, but the way it is now
> doesn't seem right.
I just applied a fix for this to the SAMBA_3_0 CVS tree. If you could
check it out I'd appreciate it.
Thanks,
Jeremy.
More information about the samba-technical
mailing list