[Samba] ACL problem with the fix for Samba bug 14471 (Samba 4.12.10 & 4.13.2)

Peter Eriksson pen at lysator.liu.se
Mon Dec 14 23:23:19 UTC 2020


Samba 4.12.10, 4.13.2 exhibit the following wrong behaviour when I copy a file tree using Drag-n-Drop from a Mac client (and probably others too):
Works fine on 4.12.9 and earlier.


root at filur00:/export/test/peter86 # getfacl .
# file: .
# owner: peter86
# group: wheel
           owner@:rwxp--aARWcCos:-------:allow
     user:thojo16:rwxpDdaARWcCos:fd-----:allow
           group@:r-x---a-R-c--s:-------:allow
group:fillager-admins:rwxpDdaARWcCos:fd-----:allow
    group:mai-all:rwxpDdaARWc--s:fd-----:allow
        everyone@:r-x---a-R-c--s:———:allow


Samba 4.12.9:

root at filur00:/export/test/peter86 # getfacl Amanda-4.12.9
# file: Amanda-4.12.9
# owner: peter86
# group: domain_users
     user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
    group:mai-all:rwxpDdaARWc---:fd-----:allow

root at filur00:/export/test/peter86 # getfacl Amanda-4.12.9/Karlskrona
# file: Amanda-4.12.9/Karlskrona
# owner: peter86
# group: domain_users
     user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
    group:mai-all:rwxpDdaARWc---:fd-----:allow



Samba 4.12.10:

root at filur00:/export/test/peter86 # getfacl Amanda-4.12.10
# file: Amanda-4.12.10
# owner: peter86
# group: domain_users
     user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
    group:mai-all:rwxpDdaARWc---:fd-----:allow
        everyone@:--------------:fd-----:allow

root at filur00:/export/test/peter86 # getfacl Amanda-4.12.10/Karlskrona
# file: Amanda-4.12.10/Karlskrona
# owner: peter86
# group: domain_users
     user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
    group:mai-all:rwxpDdaARWc---:fd-----:allow
        everyone@:--------------:fd-----:allow
        everyone@:--------------:fd-----:allow



Samba 4.13.2:

# file: Amanda-4.13.2
# owner: peter86
# group: domain_users
     user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
    group:mai-all:rwxpDdaARWc---:fd-----:allow
        everyone@:--------------:fd-----:allow

root at filur00:/export/test/peter86 # getfacl Amanda-4.13.2/Karlskrona
# file: Amanda-4.13.2/Karlskrona
# owner: peter86
# group: domain_users
     user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
    group:mai-all:rwxpDdaARWc---:fd-----:allow
        everyone@:--------------:fd-----:allow
        everyone@:--------------:fd-----:allow


… you get the idea with the added everyone@ ACEs… I’m not 100% sure if it’s related but I’ve started getting reports about people being denied access to files to certain files/trees after they have copied stuff to our servers since upgrading to 4.13.2 (possibly 4.12.10 also but I think we went directly to 4.13.2 from 4.12.6 and .8).

- Peter




More information about the samba mailing list