Question about vfs_acl_common not setting filesystem permissions anymore
Jeremy Allison
jra at samba.org
Wed Aug 24 21:11:53 UTC 2016
On Wed, Aug 24, 2016 at 03:04:53PM +0200, Ralph Böhme wrote:
> Hi Uri,
>
> *phew*! This stuff is driving me insane. As I've got to implement some
> related improvements in the ACL code, I was working on a refactoring
> of get_nt_acl_internal(). Got it down to 150 lines from 350. Finally
> even I understand the logic. :)
Oh, didn't think it was that bad, it did grow somewhat organically :-).
> So we have consensus that forcing create mask=0777 and directory
> mask=0666 in the modules is the way to address this? If yes, I'll file
> a bugreport and prepare patches. I guess we then must also force all
> map archive|hidden|system|readonly to no.
There is precedence for this - in source3/modules/vfs_acl_xattr.c:connect_acl_xattr()
we already have:
lp_do_parameter(SNUM(handle->conn), "inherit acls", "true");
lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
More information about the samba-technical
mailing list