[Samba] Set ACLs on Samba share from Windows
Jeremy Allison
jra at samba.org
Fri Sep 3 09:58:10 MDT 2010
On Thu, Sep 02, 2010 at 12:16:00AM +0000, Dadoo wrote:
>
> On Wed, 01 Sep 2010 23:19:25 +0000, Dadoo wrote:
>
> > On Wed, 01 Sep 2010 20:24:47 +0000, Dadoo wrote:
> >> I've also dug into some of the Samba source and discovered the error is
> >> coming from a function named "acl_valid", which is called from
> >> "smb_acl_to_posix", in the file "vfs_posixacl.c". I'll admit I'm no
> >> expert on POSIX ACLs, but I have to wonder if there's a bug in the
> >> Linux ACL functions, since "smb_acl_to_posix" uses *only* ACL functions
> >> to manipulate the ACL, and someone else in this group said that very
> >> same function works on Solaris. Does this work for anyone out there,
> >> using a Linux system?
> >
> > Okay, now I'm getting somewhere. I finally got my source-compiled
> > version of Samba (mostly) working, and put in a DEBUG statement that
> > calls "acl_to_text", right before the call to "acl_valid". This is what
> > I got:
> >
> > user::rwx
> > user::rwx
> > user:2001:rwx
> > user:2003:rwx
> > user:2004:rwx
> > user:2005:rwx
> > user:2006:rwx
> > group::---
> > mask::rwx
> > other::---
> >
> > Again, I'm not an ACL expert. Can anyone verify whether or not this is a
> > valid ACL?
> >
> > Thanks
>
> Well, it's not a bug in the Linux POSIX ACL libraries. According to the
> man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ) strings.
> In my log output, taken from the "for" loop in "smb_acl_to_posix", you
> can see that Samba attaches two ACL_USER_OBJ entries to the ACL, even
> though the POSIX rules require exactly one.
>
> Where do I go from here?
Oh that's very interesting. It shouldn't do that.
Can you log a bug on bugzilla.samba.org and attach
a debug level 10 log of smbd when you're doing this.
I'd like to fix this asap.
Jeremy.
More information about the samba
mailing list