Empty ACEs
Ken Cross
kcross at nssolutions.com
Thu May 29 02:19:05 GMT 2003
Yep - excellent! Thanks!
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From: samba-technical-bounces at lists.samba.org
> [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of
> jra at dp.samba.org
> Sent: Wednesday, May 28, 2003 4:27 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
> Subject: Re: Empty ACEs
>
>
> On Thu, May 22, 2003 at 08:02:09AM -0400, Ken Cross wrote:
> > Samba-Folk:
> >
> > POSIX ACLs require the 3 standard ACEs: USER_OBJ, GROUP_OBJ, and
> > OTHER. But if you clear all the ALLOW and DENY bits in the
> Security
> > tab for a file, Windows doesn't send them at all.
> >
> > Currently, the ensure_canon_entry_valid routine in
> posix_acls.c makes
> > sure all 3 are valid. If they don't exist, it reads the
> existing ACE
> > and uses it.
> >
> > That makes it impossible to, for example, clear all the bits for
> > "Everyone" (aka, OTHER). If you clear them all, Windows
> doesn't send
> > any OTHER ACE and ensure_canon_entry_valid replaces it with
> whatever
> > was there before; hence it's not changed.
> >
> > There could be a number of ways to resolve this, but the
> way it is now
> > doesn't seem right.
>
> I just applied a fix for this to the SAMBA_3_0 CVS tree. If
> you could check it out I'd appreciate it.
>
> Thanks,
>
> Jeremy.
>
More information about the samba-technical
mailing list