[Samba] Suggestion: maybe no need to add SMB_ACL_GROUP_OBJ in ensure_canon_entry_valid()
Chere Zhou
qzhou at isilon.com
Wed Oct 30 22:48:00 GMT 2002
Samba team members,
Consider the user wanted to change group name, by doing file
properties->security->Advanced->select groupA->click on
view/edit->change->select groupB. Then after parsing the DACL, we got an
SMB_ACL_GROUP ace with groupB, but no SMB_ACL_GROUP_OBJ.
However, in unpack_canon_ace(), after the call to ensure_canon_entry_valid(),
a new SMB_ACL_GROUP_OBJ with groupA will be added. I think the correct
behavior would be to modify the existing ALLOW_ACE & SMB_ACL_GROUP ace to
SMB_ACL_GROUP_OBJ, instead of adding the file's current gid as
SMB_ACL_GROUP_OBJ ace.
Can somebody tell me why this approach might be wrong? Otherwise I will try
to patch posix_acl.c.
Thanks,
Chere
More information about the samba
mailing list