[Samba] ACL misbehavior moving from POSIX ACL -> acl_xattr
Jeremy Allison
jra at samba.org
Wed Sep 16 15:42:26 MDT 2009
On Wed, Sep 16, 2009 at 07:20:11PM +0100, Miguel Medalha wrote:
>
> All files/dirs are 666 or 777. According to my reading, since there are
> no POSIX extended ACLs, if the VFS layer "passes" an access, then it only
> should be compared against the standard UGO permissions.
That's correct - but the problem isn't access, it's when the
incoming ACL is "set" onto the underlying filesystem. Most
ACLs can't be mapped onto ugw permissions.
As I said, you need a vfs_acl_null module that will drop
any set call, and will return Everyone:Full control on
read.
Jeremy.
More information about the samba
mailing list