[Samba] Set ACLs on Samba share from Windows
Dadoo
samba1.3.dadoo3002 at spamgourmet.com
Fri Sep 3 15:29:04 MDT 2010
On Fri, 03 Sep 2010 08:58:10 -0700, Jeremy Allison wrote:
>>
>> Well, it's not a bug in the Linux POSIX ACL libraries. According to the
>> man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ)
>> strings. In my log output, taken from the "for" loop in
>> "smb_acl_to_posix", you can see that Samba attaches two ACL_USER_OBJ
>> entries to the ACL, even though the POSIX rules require exactly one.
>>
>> Where do I go from here?
>
> Oh that's very interesting. It shouldn't do that.
Well, sadly, that may not be the whole story. As a temporary fix, I just
put some code into "smb_acl_to_posix" to check for duplicate USER_OBJs,
and skip adding them to the ACL when it finds any. Windows gives me the
same error, when I try to set an ACL.
Interestingly (to me), "smb_acl_to_posix" seems to be called twice, when
attempting to set an ACL. The first time it's called, I get this ACL:
user::rwx
user:2001:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::rwx
group:2033:rwx
mask::rwx
other::rwx
which passes the "acl_valid" check. The second time through, I get this:
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
mask::rwx
other::---
which fails the "acl_valid" check. To me, that ACL looks fine (though I
do find it odd that Samba removed my group permissions, when I was adding
access for a user), but as I've said before, I'm no expert on ACLs.
Should I add this to my bug report, or create a new bug report, or is
this an unrelated issue?
More information about the samba
mailing list