[Samba] Suggestion: maybe no need to add SMB_ACL_GROUP_OBJ in ensure_canon_entry_valid()

Chere Zhou qzhou at isilon.com
Wed Oct 30 22:48:00 GMT 2002

Samba team members,

Consider the user wanted to change group name, by doing file 
properties->security->Advanced->select groupA->click on 
view/edit->change->select groupB.  Then after parsing the DACL, we got an 
SMB_ACL_GROUP ace with groupB, but no SMB_ACL_GROUP_OBJ.
However, in unpack_canon_ace(), after the call to ensure_canon_entry_valid(), 
a new SMB_ACL_GROUP_OBJ with groupA will be added.   I think the correct 
behavior would be to modify the existing ALLOW_ACE & SMB_ACL_GROUP ace to 
SMB_ACL_GROUP_OBJ, instead of adding the file's current gid as 

Can somebody tell me why this approach might be wrong?  Otherwise I will try 
to patch posix_acl.c.


More information about the samba mailing list