[Samba] Set ACLs on Samba share from Windows

Fri Sep 3 15:29:04 MDT 2010

On Fri, 03 Sep 2010 08:58:10 -0700, Jeremy Allison wrote:
>> 
>> Well, it's not a bug in the Linux POSIX ACL libraries. According to the
>> man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ)
>> strings. In my log output, taken from the "for" loop in
>> "smb_acl_to_posix", you can see that Samba attaches two ACL_USER_OBJ
>> entries to the ACL, even though the POSIX rules require exactly one.
>> 
>> Where do I go from here?
> 
> Oh that's very interesting. It shouldn't do that.

Well, sadly, that may not be the whole story. As a temporary fix, I just 
put some code into "smb_acl_to_posix" to check for duplicate USER_OBJs, 
and skip adding them to the ACL when it finds any. Windows gives me the 
same error, when I try to set an ACL.

Interestingly (to me), "smb_acl_to_posix" seems to be called twice, when 
attempting to set an ACL. The first time it's called, I get this ACL:

    user::rwx
    user:2001:rwx
    user:2004:rwx
    user:2005:rwx
    user:2006:rwx
    group::rwx
    group:2033:rwx
    mask::rwx
    other::rwx

which passes the "acl_valid" check. The second time through, I get this:

    user::rwx
    user:2001:rwx
    user:2003:rwx
    user:2004:rwx
    user:2005:rwx
    user:2006:rwx
    group::---
    mask::rwx
    other::---

which fails the "acl_valid" check. To me, that ACL looks fine (though I 
do find it odd that Samba removed my group permissions, when I was adding 
access for a user), but as I've said before, I'm no expert on ACLs.

Should I add this to my bug report, or create a new bug report, or is 
this an unrelated issue?