[Samba] Inheritable Permissions Issue

[David Eisner]

On Thu, Apr 10, 2008 at 5:45 PM, mfs <farhan.sarwar at gmail.com> wrote:
>  Did you get to the root of the problem ?

Yes and no.  By modifying smbd/posix_acls.c, I could at least make it
stop re-checking the checkbox, but that's not very useful as the
inheritance semantics still aren't honored -- that would require some
additional coding. I found a preexisting bug (which is still "NEW")
and made some comments there:

  https://bugzilla.samba.org/show_bug.cgi?id=5052

In particular:

---8<---
Unfortunately, all my patch does is prevent the box from rechecking itself.  It
doesn't honor the semantics: The ACE's inherited from the parent folder (or
higher) continue to be inherited, so it's pretty useless.  You'd need
additional code to honor that setting, and probably to recursively remove the
inherited ACE's from descendants, if any.  It's not clear to me if the Windows
2000+ semantics (NT4 only considers inheritance when an object is created) is
even intended to be supported by the Samba developers.  Perhaps somebody will
chime in here.
--->8---

Nobody from the Samba team has responded, though.

If you look at the final comment, you'll see the original reporter
says he was able to get it working by copying an old version of
posix_acls.c over 3.0.28 (the most recent 3.0.x at the time):

---8<---
(In reply to comment #3)
> (In reply to comment #2)
>> Can you send me patch?
>>> Unfortunately, all my patch does is prevent the box from rechecking itself.
I copy source/smbd/posix_acls.c  from 3.0.25 to 3.0.28 - and recompile it.
I have correct works samba with correct inherit...
======
today i testing it with 50 users, and trough 3-5 day - production with 600
users...
--->8---


I was uncomfortable doing that myself, but it may be the only option for now.

-David


-- 
David Eisner http://cradle.brokenglass.com