RFC - add support for dacl protected to zfsacl

Jeremy Allison jra at samba.org
Mon Oct 22 12:09:49 UTC 2018

On Sat, Oct 20, 2018 at 11:22:21PM -0400, Andrew Walker via samba-technical wrote:
> The following patch came about because some of our users were complaining
> that they could not use the option to replace inherited ACLs with
> non-inherited ones via File Explorer.
> This is a two-part fairly trivial fix. I added support for
> ACE_INHERITED_ACE to libsunacl 1.0.1 here (so that samba was actually aware
> of the status of the "inherited" bit):
> https://github.com/freenas/libsunacl/commit/2be74926024182dbd072e8458e098636c6fd77ce
> And the second part was to set the dacl_protected flag if none of the ACEs
> in an ACL contain have the inherited bit set. This second part is what I am
> unsure of.  I have not observed ACLs with protected set and an ACE with
> permissions inherited from the container, but I have not found concrete
> documentation one way or another. The attached patch is sufficient to:
> 1) get the proper behavior from windows explorer
> 2) allow us to pass "samba-tool ntacl sysvolcheck" when we provision on ZFS
> (with additional patches)
> Any input about this would be appreciated.

On first glance looks appropriate. I'm out at the Linux Conference
in Edinburgh this week though, so I'll try and take a proper look
over this next week when I get back.



More information about the samba-technical mailing list