Trying to make sysvolreset/check work better

Rowland Penny rpenny at
Wed Jun 21 14:59:05 UTC 2017

I have been working on trying to make sysvolreset & sysvolcheck work
better, unfortunately I think I am hitting a problem that I cannot
fix ;-)

If I try to set this ACL with 'samba-tool ntacl sysvolreset'

I get an error if I then run 'samba-tool ntacl sysvolcheck', it gets the ACL

These two ACES:
Have Become


Has become

I have checked from Windows and get the same ACL that samba-tool does, so it seems that set_nt_acl from source3/smbd/posix_acls.c isn't setting the correct ACL.

Trying to find out why this is happening, lead to finding that SEC_STD_WRITE_DAC (aka WRITE_DAC or WD) from libcli/security/security.h is only in map_canon_ace_perms, which is called by posix_get_nt_acl_common which is called by posix_fget_nt_acl or posix_get_nt_acl. No mention of setting an ACL.

Am I barking up the wrong tree here ?

If not, can somebody please fix this.


More information about the samba-technical mailing list