[PATCH] vfs_acl_xattr|tdb: set create mask to 0777 if ignore_system_acls is set
Ralph Böhme
slow at samba.org
Thu Apr 20 09:44:43 UTC 2017
On Thu, Apr 20, 2017 at 11:42:44AM +0300, Uri Simchoni via samba-technical wrote:
> On 04/19/2017 12:57 PM, Ralph Böhme via samba-technical wrote:
> > On Fri, Feb 10, 2017 at 11:31:38AM -0800, Jeremy Allison wrote:
> >> On Thu, Feb 09, 2017 at 11:03:21AM -0800, Jeremy Allison wrote:
> >>> On Mon, Feb 06, 2017 at 01:19:48PM +0100, Ralph Böhme wrote:
> >>>> Hi!
> >>>>
> >>>> Attached is a patch for bug
> >>>> https://bugzilla.samba.org/show_bug.cgi?id=12562
> >>>>
> >>>> The fix for bug #12181 included a change that should ensure filesystem
> >>>> permissions are out of the way when using VFS modules acl_xattr or acl_tdb with
> >>>> "acl_xattr:ignore system acls = yes".
> >>>>
> >>>> At runtime, when the module is loaded, we set "create mask = 0666" which doesn't
> >>>> contain executable rights files. This should really by "create mask = 0777"
> >>>> instead.
> >>>>
> >>>> Please review & push if happy. Thanks!
> >>>
> >>> Hi Ralph,
> >>>
> >>> Can you explain the customer scenario that instigated
> >>> this fix ?
> >>>
> >>> It's *probably* right, but I think Uri is asking the
> >>> right questions about defauling files to 'x' access
> >>> and I want to understand the exact failure case before
> >>> I OK this :-).
> >>
> >> Ping Ralph, I'd love to get this sorted asap.
> >
> > well, the customer scenario is "support *some* legacy scenario", I don't have
> > more details. :)
> >
> > But I have a rewored patch that should work for all of us: it ensures "create
> > mask" is *at least* 0666. Customer can set "create mask = 0777" and be happy, we
> > keep the default 0666, Uri is happy. :)
> >
> > Ok?
> >
> > Cheerio!
> > -slow
> >
>
> Happy :)
> RB+ me. I don't have time right now for push logistics, will push later
> if none does.
thanks, pushed.
-slow
More information about the samba-technical
mailing list