ACL problem with NFSv4 and DELETE_ACCESS

Nicolas Dorfsman ndorfsman at gmail.com
Tue Jun 17 18:45:52 GMT 2008


	Hi Volker,


	Well, I tried to work on this:

https://bugzilla.samba.org/show_bug.cgi?id=5135

	
	Not really easy when you have never worked on the Samba sources.

	When I chatted with obnox, we talked about the issue around calls to
posix_acl.c instead of using the VFS implementation.

	Your patch may fix some cases, but is it really sufficient? Take a
look at the list I wrote in my bug report.


	Nicolas

On 17 June 08 at 16:41, Volker Lendecke wrote:

> Hi!
>
> Attached find two patches that attempt to fix a bug we have
> when "real" ACLs and not just posix mode bits are used. With
> "real" I right now mean NFSv4, but others like for example
> the AFS ACL module are also affected.
>
> The problem is in can_delete_file_in_directory(). It right
> now looks at the posix mode only if the owner of a directory
> wants to delete a file within it. This is wrong in all the
> more enhanced ACL schemes. It might be obvious, but it took
> a while for me to understand how this should really work: We
> are allowed to delete a file when either we have a direct
> DELETE right on the object or if that is not there we have a
> DELETE_CHILD right on the containing directory. The first
> attached patch implements this.
>
> The second patch is necessary because the default rwxr-xr-x
> right on a normal file would map to the owner's DELETE bit
> on a file that is about to be deleted. This is wrong, in the
> non-acl case the right to delete a file is not determined by
> the permissions on the file itself. The changed checks in
> can_delete_file_in_directory take care of it by separately
> looking at the directory permissions.
>
> The downside of this patch is that we don't use the fast
> path anymore in the non-acl case. I will measure next how
> much we actually lose. And, I'm not sure if all mappings in
> posix_acls.c are correct enough to actually make sure that
> we get the checks right if we push it through
> posix_get_nt_acl.
>
> I'm not checking these patches in right away, because I need
> to do more tests, but I'd like to hear some feedback
> nevertheless, in particular from people who have worked with
> Posix and NFSv4 ACLs in production.
>
> Thanks,
>
> Volker
> <0001-Fix-checks-in-can_delete_file_in_directory.patch>
> <0002-RWX-on-a-file-does-not-imply-DELETE-access.patch>
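
The delete rule described in the quoted message (DELETE on the file, otherwise DELETE_CHILD on the containing directory, with a file's own rwx bits never implying DELETE), as an added example that is not part of the original thread or of Samba's code. The `struct ace` layout, per-uid matching, the mode mapping and all function names are simplifying assumptions; the two mask values are the standard access-mask bits.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Access-mask bits for the two rights named in the thread. */
#define DELETE_ACCESS 0x00010000u
#define DELETE_CHILD  0x00000040u

/* Simplified ACE (assumed layout, not Samba's): allow/deny, uid, mask. */
struct ace { int allow; uint32_t uid; uint32_t mask; };

/* Ordered evaluation: the first ACE for uid that names the bit decides. */
static int acl_grants(const struct ace *acl, size_t n, uint32_t uid, uint32_t bit)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].uid == uid && (acl[i].mask & bit))
            return acl[i].allow;
    return 0; /* no matching ACE: not granted */
}

/* Owner rwx bits (4|2|1) to delete rights: rwx on a file gives no DELETE;
 * write+search on a directory gives DELETE_CHILD (assumed mapping). */
static uint32_t owner_mode_to_delete_bits(unsigned rwx, int is_dir)
{
    return (is_dir && (rwx & 2) && (rwx & 1)) ? DELETE_CHILD : 0;
}

/* DELETE on the file, or failing that DELETE_CHILD on its directory. */
static int can_delete(const struct ace *f, size_t nf,
                      const struct ace *d, size_t nd, uint32_t uid)
{
    return acl_grants(f, nf, uid, DELETE_ACCESS) ||
           acl_grants(d, nd, uid, DELETE_CHILD);
}

int main(void)
{
    /* Constructed sample: uid 1000 owns an rwx file in an r-x / rwx directory. */
    struct ace file[]    = {{1, 1000, owner_mode_to_delete_bits(7, 0)}};
    struct ace dir_rx[]  = {{1, 1000, owner_mode_to_delete_bits(5, 1)}};
    struct ace dir_rwx[] = {{1, 1000, owner_mode_to_delete_bits(7, 1)}};
    printf("r-x dir: %d, rwx dir: %d\n",
           can_delete(file, 1, dir_rx, 1, 1000),
           can_delete(file, 1, dir_rwx, 1, 1000));
    return 0;
}
```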


