Question about vfs_acl_common not setting filesystem permissions anymore
jra at samba.org
Tue Aug 30 19:20:27 UTC 2016
On Tue, Aug 30, 2016 at 05:38:36AM +0200, Ralph Böhme wrote:
> On Mon, Aug 29, 2016 at 05:22:15PM -0700, Jeremy Allison wrote:
> > On Mon, Aug 29, 2016 at 09:17:13AM +0200, Ralph Böhme wrote:
> > > Hi
> > >
> > > On Sat, Aug 27, 2016 at 05:45:54PM +0200, Ralph Böhme wrote:
> > > > Patch attached, it depends on the other acl_xattr|tdb patch. Please
> > > > review & comment. I'm still pondering the idea of forcing "store dos
> > > > attributes = yes" instead of the map xxx stuff.
> > >
> > > sorry, wrong version, didn't build (new DEBUG macro call with a
> > > surplus closing parenthesis). Correct one attached.
> > If you're setting:
> > map archive = no
> > map hidden = no
> > map readonly = no
> > map system = no
> > Aren't you also going to need to set:
> > store dos attributes = yes
> > be default too ?
> that's why I was asking. :)
> But my understanding is, while it would make perfect sense to set it
> (which would also render it needless to set the map xxx stuff to no in
> the first place), it may be a valid combination to set
> map archive = no
> map hidden = no
> map readonly = no
> map system = no
> store dos attributes = no
> Doesn't make sense, but someone out there might be using it for some
> strange reason.
I can't see that. IMHO this is an invalid combination. At
that point there is no way to store DOS attibutes at all
and clients will break.
So I think we need to add 'store dos attributes = yes'
inside this patchset too.
> Having said that, I would actually favor to set "store dos attributes
> = yes" instead, as it makes a lot of sense, just don't want to break
> any exising setup with this change.
Looking through the existing code it is possible to set
the above - but now that 4.5.0 and above have the direct VFS
calls to get/set DOS attributes I think we need to remove
all references to:
lp_store_dos_attributes(), lp_map_readonly().. etc.
from above the VFS layer - as otherwise you can prevent
neccessary VFS calls from being made where an underlying
file system has a different meta-data store mechanism
for storing DOS attributes.
I'll prepare a patch that sorts this out so that a VFS
filesystem always gets access to the DOS attribute calls
no matter what the above settings are set to. The default
VFS-on-top-of-POSIX can keep the existing behavior below
the VFS layer.
More information about the samba-technical