[Samba] Re: Inheritable Permissions Issue
David Eisner
deisner at gmail.com
Sat Mar 1 00:22:59 GMT 2008
On Thu, Feb 28, 2008 at 6:51 PM, David Eisner <deisner at gmail.com> wrote:
> Permissions tab of the Advanced Security Settings dialog, whenever I
> uncheck the "Allow inheritable permissions from the parent to
> propagate to this object and all child objects" checkbox, and hit
> Apply, the checkbox always returns to the checked state immediately.
> It is never possible to get it into an unchecked state. Is this the
> expected behavior?
Just an update. I've been peering through the code trying to debug
this problem. Here's what I've learned so far:
1. The value represented by the "inheritable permissions" checkbox is
stored in the security descriptor's SE_DACL_PROTECTED control flag.
[1] In the Samba code, these flags are stored in the SEC_DESC
struct's "type" member.
2. set_nt_acl() (in smbd/posix_acls.c) is responsible for handling the
request to set the security descriptor on the file. Among other
things, it calls append_parent_acl(). This function is clobbering the
SE_DESC_DACL_PROTECTED bit in psd->type. It has the correct value
before the call, but it winds up getting cleared.
3. I see this comment inside append_parent_acl():
/*
* Note that we're ignoring "inherit permissions" here
* as that really only applies to newly created files. JRA.
*/
Is this a bug?
I'll take a look at what's in git and do some more research.
-David
[1] http://tinyurl.com/2pt7nh
--
David Eisner http://cradle.brokenglass.com
More information about the samba
mailing list