samba 3.3.x and SMB RAW-ACLs

Jeremy Allison jra at samba.org
Tue Feb 24 11:25:31 MST 2009


On Tue, Feb 24, 2009 at 01:23:44PM -0500, yaberger at ca.ibm.com wrote:
> just a precision
> 
> we're already using "acl check permissions = No"
> yaberge2 at sda7 ==> testparm -vs 2>&1 |grep "acl check permissions"
>         acl check permissions = No
> 
> 
> would it be clean to have something like this? (not tested)
> ==> diff -c /tmp/open.c.orig /tmp/open.c.new
> *** /tmp/open.c.orig    Tue Feb 24 13:00:54 2009
> --- /tmp/open.c.new     Tue Feb 24 13:22:18 2009
> ***************
> *** 397,403 ****
> 
>         } else {
>                 fsp->fh->fd = -1; /* What we used to call a stat open. */
> !               if (file_existed) {
>                         status = check_open_rights(conn,
>                                         path,
>                                         access_mask);
> --- 397,403 ----
> 
>         } else {
>                 fsp->fh->fd = -1; /* What we used to call a stat open. */
> !               if (lp_acl_check_permissions() && file_existed) {
>                         status = check_open_rights(conn,
>                                         path,
>                                         access_mask);
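
Review bot: In the changed condition, `lp_acl_check_permissions() && file_existed` skips check_open_rights() altogether on the stat-open branch (the `fsp->fh->fd = -1` path) whenever the parameter is off, so every bit in access_mask is accepted for an existing file there without any access check. If the goal is to relax one specific right, keep the call unconditional on `file_existed` and mask or special-case only that right before passing access_mask in, with a comment saying why. The poster marks this "not tested", so it should also be exercised with the parameter both on and off before it is considered.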

Yes, I'm not sure this is right. The correct fix is to
ensure FILE_DELETE_CHILD is mapped correctly for ACLs
read from a directory that have write permission.

Jeremy.

