Question about vfs_acl_common not setting filesystem permissions anymore

Jeremy Allison jra at
Wed Aug 24 21:11:53 UTC 2016

On Wed, Aug 24, 2016 at 03:04:53PM +0200, Ralph Böhme wrote:
> Hi Uri,
> *phew*! This stuff is driving me insane. As I've got to implement some
> related improvements in the ACL code, I was working on a refactoring
> of get_nt_acl_internal(). Got it down to 150 lines from 350. Finally
> even I understand the logic. :)

Oh, didn't think it was that bad, it did grow somewhat organically :-).

> So we have consensus that forcing create mask=0777 and directory
> mask=0666 in the modules is the way to address this? If yes, I'll file
> a bugreport and prepare patches. I guess we then must also force all
> map archive|hidden|system|readonly to no.

There is precedence for this - in source3/modules/vfs_acl_xattr.c:connect_acl_xattr()
we already have:

        lp_do_parameter(SNUM(handle->conn), "inherit acls", "true");
        lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
        lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");

More information about the samba-technical mailing list