[Samba] ACL bug

Michael Gasch gasch at eva.mpg.de
Fri Feb 13 08:55:20 GMT 2004


hi

i experienced the same behaviour

do you know whats the reason?
i think its umask

my umask tells me : 022 for root....this changes the "group" setting, 
which is in this ACL case - yes you know - the effective mask

greez

Dariush Forouher schrieb:
> Hello,
> 
> I'm using samba 3.0.2(acl) and kernel 2.4.24+acl, libacl-2.2.23.
> 
> Following problem:
> When I create a file in an directory with extended ACLs, samba applies the
> "create mask" in a wrong way (IMHO).
> The normal behaviour of tools like chmod is that the second (middle)
> permission field is mapped to the "mask" ACE if the file has an extended
> ACL, so that the change applies to all groups. But Samba seems to set the
> group:: (Owning Group) ACE instead.
> 
> This behaviour causes some minor problems, especially some users will see
> this file with x Bit set, when it shouldn't.
> 
> One example:
> 
> There is an directory called testdir:
> 
> # file: testdir
> # owner: root
> # group: root
> user::rwx
> group::---
> group:admins:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:group:admins:rwx
> default:mask::rwx
> default:other::---
> 
> The owning group or world shall never have access to this directory (and
> to all children), only members of group 'admins' shall have.
> 
> Now if I create a file on the console, it has the following ACL:
> 
> # file: testfile1
> # owner: dariush
> # group: schueler
> user::rw-
> group::---
> group:admins:rwx                #effective:rw-
> mask::rw-
> other::---
> 
> You'll see that group:: is unchanged and mask:: has shortened to rw-
> 
> Now a file that I've created through Samba:
> (create mask = 0660 or create mask = 0600; make no difference):
> 
> # file: testdir/testfile2
> # owner: dariush
> # group: schueler
> user::rw-
> group::rw-
> group:admins:rwx
> mask::rwx
> other::---
> 
> You see that mask:: is unchanged, while group:: has been changed instead
> incorrectly.
> 
> So, in my eyes this looks like a bug. If it is not, it would be nice if
> someone could point me a way how to get the wanted behaviour somehow else.
> 
> regards
> Dariush

-- 


          "Matrix - more than a vision"

**************************************************
                  Michael Gasch

            - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************



More information about the samba mailing list