[Samba] ACL bug

Dariush Forouher dariush at forouher.de
Fri Feb 13 07:54:06 GMT 2004


Hello,

I'm using samba 3.0.2(acl) and kernel 2.4.24+acl, libacl-2.2.23.

Following problem:
When I create a file in a directory with extended ACLs, samba applies the
"create mask" in a wrong way (IMHO).
The normal behaviour of tools like chmod is that the second (middle)
permission field is mapped to the "mask" ACE if the file has an extended
ACL, so that the change applies to all groups. But Samba seems to set the
group:: (Owning Group) ACE instead.

This behaviour causes some minor problems, especially some users will see
this file with x Bit set, when it shouldn't.

One example:

There is a directory called testdir:

# file: testdir
# owner: root
# group: root
user::rwx
group::---
group:admins:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:admins:rwx
default:mask::rwx
default:other::---

The owning group or world shall never have access to this directory (and
to all children), only members of group 'admins' shall have.

Now if I create a file on the console, it has the following ACL:

# file: testfile1
# owner: dariush
# group: schueler
user::rw-
group::---
group:admins:rwx                #effective:rw-
mask::rw-
other::---

You'll see that group:: is unchanged and mask:: has shortened to rw-

Now a file that I've created through Samba:
(create mask = 0660 or create mask = 0600; makes no difference):

# file: testdir/testfile2
# owner: dariush
# group: schueler
user::rw-
group::rw-
group:admins:rwx
mask::rwx
other::---

You see that mask:: is unchanged, while group:: has been changed instead
incorrectly.

So, in my eyes this looks like a bug. If it is not, it would be nice if
someone could point me to a way to get the wanted behaviour some other way.

regards
Dariush
-- 
PGP Fingerprint: 0x886C99A1
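
An added example, not part of the original post and not Samba code: a small checker that applies the default-ACL inheritance rule described above (group mode bits go to mask:: when a mask exists) and reports entries on a file that grant more than that rule allows. The function names are hypothetical, the requested mode 0666 for a console-created file is an assumption, and the three ACL listings are copied from the post.

```python
TESTDIR = """user::rwx
group::---
group:admins:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:admins:rwx
default:mask::rwx
default:other::---"""
TESTFILE1 = "user::rw-\ngroup::---\ngroup:admins:rwx   #effective:rw-\nmask::rw-\nother::---"
TESTFILE2 = "user::rw-\ngroup::rw-\ngroup:admins:rwx\nmask::rwx\nother::---"

def parse_acl(text):
    """Parse getfacl output into {'tag:qualifier': 'rwx'}; comments are dropped."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strips headers and #effective notes
        if line:
            key, perms = line.rsplit(":", 1)
            acl[key] = perms
    return acl

def mask_bits(perms, mode3):
    """AND an 'rwx' string with one 3-bit mode field (6 keeps r and w)."""
    return "".join(c if c != "-" and mode3 & (4 >> i) else "-" for i, c in enumerate(perms))

def inherit(parent_acl, mode):
    """Access ACL a new file gets from the parent's default ACL for a requested mode."""
    acl = {k[len("default:"):]: v for k, v in parent_acl.items() if k.startswith("default:")}
    acl["user:"] = mask_bits(acl["user:"], mode >> 6 & 7)
    slot = "mask:" if "mask:" in acl else "group:"  # group bits map to mask if present
    acl[slot] = mask_bits(acl[slot], mode >> 3 & 7)
    acl["other:"] = mask_bits(acl["other:"], mode & 7)
    return acl

def excess(actual, expected):
    """Entries where the file grants bits the inherited ACL would not."""
    out = {}
    for key, perms in actual.items():
        exp = expected.get(key, "---")
        extra = "".join(a if a != "-" and e == "-" else "-" for a, e in zip(perms, exp))
        if extra != "---":
            out[key] = extra
    return out

if __name__ == "__main__":
    expected = inherit(parse_acl(TESTDIR), 0o666)  # assumed mode for a console create
    print("testfile1:", excess(parse_acl(TESTFILE1), expected))
    print("testfile2:", excess(parse_acl(TESTFILE2), expected))
```
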