samba 3.3.x and SMB RAW-ACLs
Jeremy Allison
jra at samba.org
Tue Feb 24 11:25:31 MST 2009
On Tue, Feb 24, 2009 at 01:23:44PM -0500, yaberger at ca.ibm.com wrote:
> just a precision
>
> we're already using "acl check permissions = No"
> yaberge2 at sda7 ==> testparm -vs 2>&1 |grep "acl check permissions"
> acl check permissions = No
>
>
> would it be clean to have something like this? (not tested)
> ==> diff -c /tmp/open.c.orig /tmp/open.c.new
> *** /tmp/open.c.orig Tue Feb 24 13:00:54 2009
> --- /tmp/open.c.new Tue Feb 24 13:22:18 2009
> ***************
> *** 397,403 ****
>
> } else {
> fsp->fh->fd = -1; /* What we used to call a stat open. */
> ! if (file_existed) {
> status = check_open_rights(conn,
> path,
> access_mask);
> --- 397,403 ----
>
> } else {
> fsp->fh->fd = -1; /* What we used to call a stat open. */
> ! if (lp_acl_check_permissions() && file_existed) {
> status = check_open_rights(conn,
> path,
> access_mask);
Yes, I'm not sure this is right. The correct fix is to
ensure FILE_DELETE_CHILD is mapped correctly for ACLs
read from a directory that have write permission.
Jeremy.
More information about the samba-technical
mailing list