Question about vfs_acl_common not setting filesystem permissions anymore

Wed Aug 31 12:57:46 UTC 2016

On Tue, Aug 30, 2016 at 04:30:12PM -0700, Jeremy Allison wrote:
> On Tue, Aug 30, 2016 at 12:20:27PM -0700, Jeremy Allison wrote:
> > On Tue, Aug 30, 2016 at 05:38:36AM +0200, Ralph Böhme wrote:
> > > On Mon, Aug 29, 2016 at 05:22:15PM -0700, Jeremy Allison wrote:
> > > > On Mon, Aug 29, 2016 at 09:17:13AM +0200, Ralph Böhme wrote:
> > > > > Hi
> > > > > 
> > > > > On Sat, Aug 27, 2016 at 05:45:54PM +0200, Ralph Böhme wrote:
> > > > > > Patch attached, it depends on the other acl_xattr|tdb patch. Please
> > > > > > review & comment. I'm still pondering the idea of forcing "store dos
> > > > > > attributes = yes" instead of the map xxx stuff.
> > > > > 
> > > > > sorry, wrong version, didn't build (new DEBUG macro call with a
> > > > > surplus closing parenthesis). Correct one attached.
> > > > 
> > > > If you're setting:
> > > > 
> > > > map archive = no
> > > > map hidden = no
> > > > map readonly = no
> > > > map system = no
> > > > 
> > > > Aren't you also going to need to set:
> > > > 
> > > > store dos attributes = yes
> > > > 
> > > > be default too ?
> > > 
> > > that's why I was asking. :)
> > > 
> > > But my understanding is, while it would make perfect sense to set it
> > > (which would also render it needless to set the map xxx stuff to no in
> > > the first place), it may be a valid combination to set
> > > 
> > > map archive = no
> > > map hidden = no
> > > map readonly = no
> > > map system = no
> > > store dos attributes = no
> > > 
> > > Doesn't make sense, but someone out there might be using it for some
> > > strange reason.
> > 
> > I can't see that. IMHO this is an invalid combination. At
> > that point there is no way to store DOS attibutes at all
> > and clients will break.
> > 
> > So I think we need to add 'store dos attributes = yes'
> > inside this patchset too.
> 
> So here it is. Ralph, it you're happy please review
> and push !

pushed with the following change squashed (the debug message was
missing the "store dos attributes"):

--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -343,7 +343,8 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
 
        if (config->ignore_system_acls) {
                DBG_NOTICE("setting 'create mask = 0666', "
-                          "'directory mask = 0777' and all "
+                          "'directory mask = 0777', "
+                          "'store dos attributes = yes' and all "
                           "'map ...' options to 'no'\n");
 
                lp_do_parameter(SNUM(handle->conn), "create mask", "0666");

diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index ad8615c..e1f90ff 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -210,7 +210,8 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
 
        if (config->ignore_system_acls) {
                DBG_NOTICE("setting 'create mask = 0666', "
-                          "'directory mask = 0777' and all "
+                          "'directory mask = 0777', "
+                          "'store dos attributes = yes' and all "
                           "'map ...' options to 'no'\n");
 
                lp_do_parameter(SNUM(handle->conn), "create mask",
                "0666");

Thanks!

Cheerio!
-slow

