[Samba] ACL bug

Michael Gasch gasch at eva.mpg.de
Fri Feb 13 09:21:46 GMT 2004


unfortunately this was not the problem though :(

i found another problem

ACL is

humanpdc:/data/install # cat ~/acl
# file: data/install
# owner: root
# group: rootgroup
user::rwx
user:gasch:rwx
user:paul:rwx
user:foedisch:rwx
group::---
mask::rwx
other::---
default:user:gasch:rwx
default:user:paul:rwx
default:user:foedisch:rwx
default:group::---
default:mask::rwx
default:other::---

but
humanpdc:/data/install # cat ~/acl |setfacl --set-file=- ../install/

gives

humanpdc:/data/install # getfacl ../install/
# file: ../install
# owner: root
# group: rootgroup
user::rwx
user:gasch:rwx
user:paul:rwx
user:foedisch:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:gasch:rwx
default:user:paul:rwx
default:user:foedisch:rwx
default:group::---
default:mask::rwx
default:other::---

with attention to "default:user::rwx"
why is it automatically set?
and of course: on any file created in install owner just gets rw-, but 
my mask isn't recalculated (which is fine)

e.g.

humanpdc:/data/install # touch test; getfacl test
# file: test
# owner: gasch
# group: users
user::rw-
user:gasch:rwx
user:paul:rwx
user:foedisch:rwx
group::---
mask::rwx
other::---

create masks in samba are 0077
umask for user is 0077

but dirs are created/acl-ed correctly!!!

lots of "???"

thx




Michael Gasch wrote:
> hi
> 
> i experienced the same behaviour
> 
> do you know what's the reason?
> i think it's umask
> 
> my umask tells me : 022 for root....this changes the "group" setting, 
> which is in this ACL case - yes you know - the effective mask
> 
> greez
> 
> Dariush Forouher wrote:
> 
>> Hello,
>>
>> I'm using samba 3.0.2(acl) and kernel 2.4.24+acl, libacl-2.2.23.
>>
>> Following problem:
>> When I create a file in a directory with extended ACLs, samba applies the
>> "create mask" in a wrong way (IMHO).
>> The normal behaviour of tools like chmod is that the second (middle)
>> permission field is mapped to the "mask" ACE if the file has an extended
>> ACL, so that the change applies to all groups. But Samba seems to set the
>> group:: (Owning Group) ACE instead.
>>
>> This behaviour causes some minor problems, especially some users will see
>> this file with x Bit set, when it shouldn't.
>>
>> One example:
>>
>> There is a directory called testdir:
>>
>> # file: testdir
>> # owner: root
>> # group: root
>> user::rwx
>> group::---
>> group:admins:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:group::---
>> default:group:admins:rwx
>> default:mask::rwx
>> default:other::---
>>
>> The owning group or world shall never have access to this directory (and
>> to all children), only members of group 'admins' shall have.
>>
>> Now if I create a file on the console, it has the following ACL:
>>
>> # file: testfile1
>> # owner: dariush
>> # group: schueler
>> user::rw-
>> group::---
>> group:admins:rwx                #effective:rw-
>> mask::rw-
>> other::---
>>
>> You'll see that group:: is unchanged and mask:: has shortened to rw-
>>
>> Now a file that I've created through Samba:
>> (create mask = 0660 or create mask = 0600; makes no difference):
>>
>> # file: testdir/testfile2
>> # owner: dariush
>> # group: schueler
>> user::rw-
>> group::rw-
>> group:admins:rwx
>> mask::rwx
>> other::---
>>
>> You see that mask:: is unchanged, while group:: has been changed instead
>> incorrectly.
>>
>> So, in my eyes this looks like a bug. If it is not, it would be nice if
>> someone could point me a way how to get the wanted behaviour somehow else.
>>
>> regards
>> Dariush
> 
> 

-- 


          "Matrix - more than a vision"

**************************************************
                  Michael Gasch

            - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************
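
The inheritance rule described in the quoted report (the middle mode digit limits mask:: rather than group:: when a default ACL exists, per acl(5)), as an added example that is not part of either post and is not Samba's code. Function names are hypothetical; the ACL text is the testdir and testfile2 listings from the thread, and the last function is a check that flags files whose group:: entry is wider than the parent's default:group::.

```python
# Added example; function names are hypothetical, ACL text is quoted from the thread.
TESTDIR = """\
# file: testdir
user::rwx
group::---
group:admins:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:admins:rwx
default:mask::rwx
default:other::---
"""
SAMBA_FILE = """\
# file: testdir/testfile2
user::rw-
group::rw-
group:admins:rwx
mask::rwx
other::---
"""

def parse_acl(text):
    """Parse getfacl-style text into {(scope, tag, qualifier): perms}."""
    acl = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().split(":")  # drop "#..." comments
        if len(parts) >= 3:
            scope = "default" if parts[0] == "default" else "access"
            acl[(scope, *parts[-3:-1])] = parts[-1]
    return acl

def limit(perms, bits):
    """Keep only the permissions in perms that are also set in the 3-bit value."""
    return "".join(c if c != "-" and bits & b else "-" for c, b in zip(perms, (4, 2, 1)))

def inherit(dir_acl, mode):
    """Default entries become the access ACL; mode limits user::, mask:: (or group::) and other::."""
    new = {("access", t, q): p for (s, t, q), p in dir_acl.items() if s == "default"}
    group_class = "mask" if ("access", "mask", "") in new else "group"
    for tag, shift in (("user", 6), (group_class, 3), ("other", 0)):
        new[("access", tag, "")] = limit(new[("access", tag, "")], (mode >> shift) & 7)
    return new

def group_widened(dir_acl, file_acl):
    """True if the file's group:: grants a bit the parent's default:group:: withholds."""
    allowed, actual = dir_acl[("default", "group", "")], file_acl[("access", "group", "")]
    return any(a != "-" and d == "-" for a, d in zip(actual, allowed))
```

`inherit(parse_acl(TESTDIR), 0o666)` reproduces the console-created testfile1 listing, while `group_widened` returns True for the Samba-created testfile2.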


