RFC - add support for dacl protected to zfsacl
awalker at ixsystems.com
Sun Oct 21 03:22:21 UTC 2018
The following patch came about because some of our users were complaining
that they could not use the option to replace inherited ACLs with
non-inherited ones via File Explorer.
This is a two-part fairly trivial fix. I added support for
ACE_INHERITED_ACE to libsunacl 1.0.1 here (so that samba was actually aware
of the status of the "inherited" bit):
And the second part was to set the dacl_protected flag if none of the ACEs
in an ACL contain have the inherited bit set. This second part is what I am
unsure of. I have not observed ACLs with protected set and an ACE with
permissions inherited from the container, but I have not found concrete
documentation one way or another. The attached patch is sufficient to:
1) get the proper behavior from windows explorer
2) allow us to pass "samba-tool ntacl sysvolcheck" when we provision on ZFS
(with additional patches)
Any input about this would be appreciated.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited.patch
Size: 1669 bytes
Desc: not available
More information about the samba-technical