Permissions incorrectly ordered on Windows after disabling inheritance

Jeremy Allison jra at samba.org
Mon Aug 27 21:16:40 MDT 2012


On Mon, Aug 27, 2012 at 08:05:06PM -0700, Richard Sharpe wrote:
> On Mon, Aug 27, 2012 at 6:49 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Mon, Aug 27, 2012 at 04:59:34PM -0700, Richard Sharpe wrote:
> >> On Mon, Aug 27, 2012 at 4:29 PM, Walkes, Dan <dwalkes at tandbergdata.com> wrote:
> >> > Awesome!  Thanks!
> >>
> >> Looks like the problem is in lib/secdesc.c:se_create_child_secdesc. It
> >> needs to make an ordering pass over the ACL in the SD to ensure that
> >> the ACEs are ordered correctly. At least that is the case in the
> >> Samba 3.5.x code, and I don't think there has been much change there
> >> in 3.6.x.
> >
> > Actually, looking more closely at this I think it's a pretty
> > simple bug in that I just forgot to set the SEC_ACE_FLAG_INHERITED_ACE
> > on inherited ACE's when I create them :-).
> >
> > Should have a patch to test tomorrow (home now..).
> 
> Well, I guess that depends on the semantics of Creator Owner with the
> inherited bit set, doesn't it? Does Windows mark the new ACE created
> as a result of a Creator Owner ace that has the inherited bit set as
> inherited as well?

Yep (been testing against Win7). Windows marks *all*
ACE's it creates as part of the inheritance code path
with the SEC_ACE_FLAG_INHERITED_ACE bit.

It doesn't matter what the original inherited bit was.

Jeremy.
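
A simplified sketch of the rule stated in the reply above, added here as an illustration. It is not code from Samba's lib/secdesc.c or from the patch mentioned in the thread. The `toy_ace` struct, `toy_inherit_aces` and the sample parent ACL are hypothetical and constructed for this example; Creator Owner substitution and no-propagate handling are left out.

```c
#include <stdint.h>
#include <stdio.h>

#define SEC_ACE_FLAG_OBJECT_INHERIT    0x01
#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x02
#define SEC_ACE_FLAG_INHERITED_ACE     0x10

/* Hypothetical simplified ACE; a real one carries a SID, not an id. */
struct toy_ace { uint8_t type; uint8_t flags; uint32_t mask; uint32_t trustee; };

/* Constructed parent ACL: an explicit inheritable ACE, an inheritable ACE
 * that was itself inherited, and an explicit ACE with no inheritance flags. */
static const struct toy_ace sample_parent[3] = {
    { 0, 0x03, 0x001f01ff, 1001 },
    { 0, 0x13, 0x001200a9, 1002 },
    { 1, 0x00, 0x00010000, 1003 },
};

/* Copy the ACEs a new child inherits from parent[0..n) into child[].
 * Returns the number of ACEs written (at most child_max). */
size_t toy_inherit_aces(const struct toy_ace *parent, size_t n, int child_is_dir,
                        struct toy_ace *child, size_t child_max)
{
    const uint8_t inh = SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT;
    const uint8_t want = child_is_dir ? SEC_ACE_FLAG_CONTAINER_INHERIT
                                      : SEC_ACE_FLAG_OBJECT_INHERIT;
    size_t out = 0;
    for (size_t i = 0; i < n && out < child_max; i++) {
        if (!(parent[i].flags & want))
            continue;                       /* not inherited by this child */
        child[out] = parent[i];
        /* Directories keep propagating; files drop the inheritance flags. */
        child[out].flags = child_is_dir ? (parent[i].flags & inh) : 0;
        /* Set unconditionally: the parent's own inherited bit is irrelevant. */
        child[out].flags |= SEC_ACE_FLAG_INHERITED_ACE;
        out++;
    }
    return out;
}

int main(void)
{
    struct toy_ace child[3];
    size_t n = toy_inherit_aces(sample_parent, 3, 1, child, 3);
    for (size_t i = 0; i < n; i++)
        printf("trustee %u flags 0x%02x\n", (unsigned)child[i].trustee, child[i].flags);
    return 0;
}
```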

