[Samba] ACLs fail in 3.0.23d

Jens Nissen jens.nissen at gmx.net
Tue Jan 30 15:13:51 GMT 2007 

OK - I managed to track down the bug inside Samba, but I have no easy way to work around it.
The dynamic mapping of vfs acls inside Samba does not seem to work.
See the following sequence in posix_acls.c in function get_nt_acl:

/*
 * Get the ACL from the path.
 */

posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fsp->fsp_name, SMB_ACL_TYPE_ACCESS);

/// My Workaround
/// posix_acl equals 0 here
if (!posix_acl)
{
  posix_acl=acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
}
/// posix_acl is something else than 0 here
/// End My Workaround

While SMB_VFS_SYS_ACL_GET_FILE returns a Null-Pointer, the call afterwards to acl_get_file does return a ACL description which is non-zero.

So the vfs-wrapper code fails, even though smbd is obviously linked to the correct ACL 1.0 library (as acl_get_file can be found inside libacl).

How can I work around this? It would be horrible, if I had to find all wrapped library code and replace it by something hard-wired.

Kind regards,

Jens Nissen

-------- Original-Nachricht --------
Datum: Tue, 30 Jan 2007 11:44:18 +0100 (MET)
Von: Jan Engelhardt <jengelh at linux01.gwdg.de>
An: Jens Nissen <jens.nissen at gmx.net>
Betreff: Re: [Samba] ACLs fail in 3.0.23d

> 
> >One question: how does Samba find out, that ACLs are activated?
> 
> I suppose the only sane way is to try calling functions from libacl. If
> they fail unreasonably, then the fs does not support ACLs.
> 
> >>> Whenever I try to read or modify ACLs from my Windows 2000 PDC, my
> Samba
> >>> Domain Member Server (Security = ADS) does not allow setting ACLs, nor
> >>> does it display the existing ACLs.
> >> 
> >> Does it at least enforce them?
> >
> >What does "enforce" mean?
> 
> chmod 600 file
> setfacl -m u:otheruser:rwx file
> 
> should give otheruser write permissions on the file, even if Windows
> does not get ACLs right (e.g. W98, which does not know ACLs at all).
> 
> >
> >But I am missing something like --WITH-ACL:
> 
> smbd -b shows defines, not configure options.
> 
> 
> Jan
> -- 
> ft: http://freshmeat.net/p/chaostables/

-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

More information about the samba mailing list