[Samba] samba acl restore error
Jeremy Allison
jra at samba.org
Thu Jan 27 13:09:31 MST 2011
On Thu, Jan 27, 2011 at 04:26:10AM -0500, suresh.kandukuru at emc.com wrote:
> Dear Jeremy and samba team ,
>
> This is suresh from EMC.I am having samba 3.4.8 on my NAS with posix acls support.
>
>
>
> When a backup software backs up files and folders, it typically backs up the security settings on the files/folders
>
> too. Then during restore, the software will try to restore the files/folders
>
> along with their security settings. The restore is now broken because security
>
> settings cannot be restored any more.
>
>
>
> I have enabled samba loglevel 10 . I see the problem is coming here.
>
> ----------
>
> 2011/01/26 10:41:04, 10] smbd/open.c:2896(create_file_unixpath)
>
> create_file_unixpath: access_mask = 0x11e019f file_attributes = 0x80,
> share_access = 0x3, create_disposition = 0x1 create_options = 0x4004
> oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = Share2/file2.txt
>
> --------------
>
> SEC_FLAG_SYSTEM_SECURITY is 0x01000000
>
> /* We need to support SeSecurityPrivilege for this. */
>
>
>
> if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
>
>
>
> status = NT_STATUS_PRIVILEGE_NOT_HELD;
>
>
>
> goto fail;
>
>
>
> }
>
>
>
> and I see the restore is working fine when I Restore all information except security for files and directories
The SEC_FLAG_SYSTEM_SECURITY flag is for setting the audit ACE entries
in an ACL - it isn't used for normal restoring of ACL ACE entries.
We return this error here as it's required by MS-Office (Excel) which
expects to get this error when changing ACLs on files (don't ask :-).
This is fixed in 3.5.7 and above by adding it as a privilege that
can be selected for a user who is doing restores.
Ping me off-list if you need a back port of this code.
Jeremy.
More information about the samba
mailing list