An extra 'executable' bit is seen when POSIX ACL is used by Samba
Dmitry Butskoy
buc at odusz.so-cdu.ru
Fri Sep 15 15:16:06 GMT 2006
When POSIX ACLis used, some files created by Samba appears as "have
extra group-executable bit". For example, "ls -l" command shows
"-rw-rwxr--" instead of "-rw-rw-r--" .
Such a behaviour is caused by the
source/smbd/posix_alcs.c:chmos_acl_internals() code, the appropriate
code fragment is:
case SMB_ACL_MASK:
/*
* FIXME: The ACL_MASK entry permissions should really be set to
* the union of the permissions of all ACL_USER,
* ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
* acl_calc_mask() does, but Samba ACLs doesn't provide it.
*/
perms = S_IRUSR|S_IWUSR|S_IXUSR;
break;
where instead of some union computing or acl_calc_mask() call just "rwx"
is used.
As many traditional UNIX utilities are focused on simple
"owner/group/other" possibilities, such utilities are confused a little
by this the 'extra' bit. I.e.:
* colored "ls -l" output shows the file as an executable, Midnight
Commander and friends do the same;
* the system shell tries to execute this file after typing its filename
and occasionally typing "enter" immediately after this;
* potentially the file with such an extra bit can be interpreted by
Samba as "system" file (if "map system = yes")
For me, it seems to be a bug...
Is it correct just to change "rwx" to "rw-"? It would be the easiest
temporary fix.
What the difficulties can be if to add acl_calc_mask() feature for Samba
or compute right mask in chmod_acl_internals() code immediately?
I can do some tests if needed...
Dmitry Butskoy
http://www.fedoraproject.org/wiki/DmitryButskoy
More information about the samba-technical
mailing list