Permissions incorrectly ordered on Windows after disabling inheritance

Scott Lovenberg scott.lovenberg at gmail.com
Mon Aug 27 21:55:03 MDT 2012


On Mon, Aug 27, 2012 at 11:47 PM, Jeremy Allison <jra at samba.org> wrote:

> On Mon, Aug 27, 2012 at 08:16:40PM -0700, Jeremy Allison wrote:
> > On Mon, Aug 27, 2012 at 08:05:06PM -0700, Richard Sharpe wrote:
> > > On Mon, Aug 27, 2012 at 6:49 PM, Jeremy Allison <jra at samba.org> wrote:
> > > > On Mon, Aug 27, 2012 at 04:59:34PM -0700, Richard Sharpe wrote:
> > > >> On Mon, Aug 27, 2012 at 4:29 PM, Walkes, Dan <dwalkes at tandbergdata.com> wrote:
> > > >> > Awesome!  Thanks!
> > > >>
> > > >> Looks like the problem is in lib/secdesc.c:se_create_child_secdesc. It
> > > >> needs to make an ordering pass over the ACL in the SD to ensure that
> > > >> the ACEs are ordered correctly. At least that is the case in the
> > > >> Samba 3.5.x code, and I don't think there has been much change there
> > > >> in 3.6.x.
> > > >
> > > > Actually, looking more closely at this I think it's a pretty
> > > > simple bug in that I just forgot to set the SEC_ACE_FLAG_INHERITED_ACE
> > > > on inherited ACE's when I create them :-).
> > > >
> > > > Should have a patch to test tomorrow (home now..).
> > >
> > > Well, I guess that depends on the semantics of Creator Owner with the
> > > inherited bit set, doesn't it? Does Windows mark the new ACE created
> > > as a result of a Creator Owner ace that has the inherited bit set as
> > > inherited as well?
> >
> > Yep (been testing against Win7). Windows marks *all*
> > ACE's it creates as part of the inheritance code path
> > with the SEC_ACE_FLAG_INHERITED_ACE bit.
> >
> > It doesn't matter what the original inherited bit was.
>
> And here's a COMPLETELY UNTESTED :-) patch.
>
> Compiles, but that's all I can say right now..
>
> I'll test when I get into work on my test environment
> tomorrow.
>
> Cheers,
>
>         Jeremy.
>


I'm really punchy, so if this is a stupid question, please be kind about
it. :)
Is there any chance this will trigger that infamous Office bug where the
permissions on a saved file will be reset to the default permissions of the
parent directory regardless of what the actual ACL is on the file that is
being overwritten by the temp file?

I'm looking at deploying Samba-4 in the very near future at work and I'll
do anything to not trigger that bug again.  It has literally cost me
sleepless nights. :)

-- 
Peace and Blessings,
-Scott.
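
Added example, not part of the original message and not Samba's code: a simplified C model of why the SEC_ACE_FLAG_INHERITED_ACE bit discussed in the quoted thread matters to an ACE-ordering check. The `toy_ace` struct, the function names and the trustee names are hypothetical and the parent ACL is constructed; only the explicit-before-inherited and explicit-deny-before-allow rules are checked.

```c
#include <stddef.h>
#include <stdint.h>

/* Numeric values follow the Windows ACE header definitions. */
#define SEC_ACE_TYPE_ACCESS_ALLOWED 0
#define SEC_ACE_TYPE_ACCESS_DENIED  1
#define SEC_ACE_FLAG_OBJECT_INHERIT 0x01
#define SEC_ACE_FLAG_INHERITED_ACE  0x10

/* Hypothetical, simplified ACE: no SID or access mask, only what ordering needs. */
struct toy_ace { uint8_t type; uint8_t flags; const char *trustee; };

/* Constructed parent directory DACL: two explicit ACEs, then two it inherited itself. */
static const struct toy_ace PARENT[] = {
    { SEC_ACE_TYPE_ACCESS_DENIED,  SEC_ACE_FLAG_OBJECT_INHERIT, "guests" },
    { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_OBJECT_INHERIT, "staff" },
    { SEC_ACE_TYPE_ACCESS_DENIED,  SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERITED_ACE, "temps" },
    { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERITED_ACE, "admins" },
};
#define PARENT_LEN (sizeof(PARENT) / sizeof(PARENT[0]))

/* Returns 1 if explicit ACEs precede inherited ones and explicit denies precede
 * explicit allows. Order inside the inherited group is not checked here. */
int acl_order_ok(const struct toy_ace *acl, size_t n)
{
    int seen_inherited = 0, seen_explicit_allow = 0;
    for (size_t i = 0; i < n; i++) {
        if (acl[i].flags & SEC_ACE_FLAG_INHERITED_ACE) { seen_inherited = 1; continue; }
        if (seen_inherited) return 0;              /* explicit ACE after an inherited one */
        if (acl[i].type == SEC_ACE_TYPE_ACCESS_DENIED && seen_explicit_allow) return 0;
        if (acl[i].type == SEC_ACE_TYPE_ACCESS_ALLOWED) seen_explicit_allow = 1;
    }
    return 1;
}

/* Copy the parent's object-inheritable ACEs, in parent order, into a new file's DACL.
 * mark_inherited=1 marks every created ACE as inherited regardless of the original bit;
 * mark_inherited=0 models the flag not being set on the created ACEs. */
size_t inherit_for_file(const struct toy_ace *parent, size_t n,
                        struct toy_ace *child, int mark_inherited)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(parent[i].flags & SEC_ACE_FLAG_OBJECT_INHERIT)) continue;
        child[k] = parent[i];
        child[k].flags = mark_inherited ? SEC_ACE_FLAG_INHERITED_ACE : 0;
        k++;
    }
    return k;
}

/* Build the child DACL from the constructed parent and run the order check on it. */
int demo_child_ok(int mark_inherited)
{
    struct toy_ace child[PARENT_LEN];
    return acl_order_ok(child, inherit_for_file(PARENT, PARENT_LEN, child, mark_inherited));
}
```

Without the flag the child's four ACEs all look explicit, so the "temps" deny sits after the "staff" allow and the check fails; with the flag they form one inherited group and pass.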

