[Samba] Set ACLs on Samba share from Windows

Fri Sep 3 09:58:10 MDT 2010

On Thu, Sep 02, 2010 at 12:16:00AM +0000, Dadoo wrote:
> 
> On Wed, 01 Sep 2010 23:19:25 +0000, Dadoo wrote:
> 
> > On Wed, 01 Sep 2010 20:24:47 +0000, Dadoo wrote:
> >> I've also dug into some of the Samba source and discovered the error is
> >> coming from a function named "acl_valid", which is called from
> >> "smb_acl_to_posix", in the file "vfs_posixacl.c". I'll admit I'm no
> >> expert on POSIX ACLs, but I have to wonder if there's a bug in the
> >> Linux ACL functions, since "smb_acl_to_posix" uses *only* ACL functions
> >> to manipulate the ACL, and someone else in this group said that very
> >> same function works on Solaris. Does this work for anyone out there,
> >> using a Linux system?
> > 
> > Okay, now I'm getting somewhere. I finally got my source-compiled
> > version of Samba (mostly) working, and put in a DEBUG statement that
> > calls "acl_to_text", right before the call to "acl_valid". This is what
> > I got:
> > 
> >     user::rwx
> >     user::rwx
> >     user:2001:rwx
> >     user:2003:rwx
> >     user:2004:rwx
> >     user:2005:rwx
> >     user:2006:rwx
> >     group::---
> >     mask::rwx
> >     other::---
> > 
> > Again, I'm not an ACL expert. Can anyone verify whether or not this is a
> > valid ACL?
> > 
> > Thanks
> 
> Well, it's not a bug in the Linux POSIX ACL libraries. According to the 
> man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ) strings. 
> In my log output, taken from the "for" loop in "smb_acl_to_posix", you 
> can see that Samba attaches two ACL_USER_OBJ entries to the ACL, even 
> though the POSIX rules require exactly one.
> 
> Where do I go from here?

Oh that's very interesting. It shouldn't do that.

Can you log a bug on bugzilla.samba.org and attach
a debug level 10 log of smbd when you're doing this.

I'd like to fix this asap.

Jeremy.