[PATCH] vfs_acl_xattr|tdb: set create mask to 0777 if ignore_system_acls is set

Ralph Böhme slow at samba.org
Mon Feb 6 13:04:13 UTC 2017


On Mon, Feb 06, 2017 at 02:47:08PM +0200, Uri Simchoni wrote:
> On 02/06/2017 02:19 PM, Ralph Böhme wrote:
> > Hi!
> > 
> > Attached is a patch for bug
> > https://bugzilla.samba.org/show_bug.cgi?id=12562
> > 
> > The fix for bug #12181 included a change that should ensure filesystem
> > permissions are out of the way when using VFS modules acl_xattr or acl_tdb with
> > "acl_xattr:ignore system acls = yes".
> > 
> > At runtime, when the module is loaded, we set "create mask = 0666" which doesn't
> > contain executable rights for files. This should really be "create mask = 0777"
> > instead.
> > 
> > Please review & push if happy. Thanks!
> > 
> > Cheerio!
> > -slow
> > 
> Well, what if I want files created to be 0666?

huh, why would you? You've explicitly requested

  acl_xattr:ignore system acls = yes

whose behaviour is

  When set to yes, a best effort mapping from/to the POSIX ACL layer will not be
  done by this module.

I know it says "POSIX ACL", but you can't separate the POSIX mode from the ACL
from a functional perspective. We must ensure filesystem permissions are
completely open and permission checking is based entirely on the ACL blob from
the xattr, not on some unpredictable mix of blob and fs.

Cheerio!
-slow
