[Samba] Set ACLs on Samba share from Windows

Jeremy Allison jra at samba.org
Fri Sep 2 18:00:25 MDT 2011 

On Fri, Sep 03, 2010 at 08:58:10AM -0700, Jeremy Allison wrote:
> On Thu, Sep 02, 2010 at 12:16:00AM +0000, Dadoo wrote:
> > 
> > On Wed, 01 Sep 2010 23:19:25 +0000, Dadoo wrote:
> > 
> > > On Wed, 01 Sep 2010 20:24:47 +0000, Dadoo wrote:
> > >> I've also dug into some of the Samba source and discovered the error is
> > >> coming from a function named "acl_valid", which is called from
> > >> "smb_acl_to_posix", in the file "vfs_posixacl.c". I'll admit I'm no
> > >> expert on POSIX ACLs, but I have to wonder if there's a bug in the
> > >> Linux ACL functions, since "smb_acl_to_posix" uses *only* ACL functions
> > >> to manipulate the ACL, and someone else in this group said that very
> > >> same function works on Solaris. Does this work for anyone out there,
> > >> using a Linux system?
> > > 
> > > Okay, now I'm getting somewhere. I finally got my source-compiled
> > > version of Samba (mostly) working, and put in a DEBUG statement that
> > > calls "acl_to_text", right before the call to "acl_valid". This is what
> > > I got:
> > > 
> > >     user::rwx
> > >     user::rwx
> > >     user:2001:rwx
> > >     user:2003:rwx
> > >     user:2004:rwx
> > >     user:2005:rwx
> > >     user:2006:rwx
> > >     group::---
> > >     mask::rwx
> > >     other::---
> > > 
> > > Again, I'm not an ACL expert. Can anyone verify whether or not this is a
> > > valid ACL?
> > > 
> > > Thanks
> > 
> > Well, it's not a bug in the Linux POSIX ACL libraries. According to the 
> > man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ) strings. 
> > In my log output, taken from the "for" loop in "smb_acl_to_posix", you 
> > can see that Samba attaches two ACL_USER_OBJ entries to the ACL, even 
> > though the POSIX rules require exactly one.
> > 
> > Where do I go from here?
> 
> Oh that's very interesting. It shouldn't do that.
> 
> Can you log a bug on bugzilla.samba.org and attach
> a debug level 10 log of smbd when you're doing this.
> 
> I'd like to fix this asap.

Sorry for the delay, but I finally fixed this in master
(and the fix will be in 3.6.1 and the next 3.5.x).

Thanks for your patience.

Jeremy.

More information about the samba mailing list