[Samba] ACL problem with the fix for Samba bug 14471 (Samba 4.12.10 & 4.13.2)
Peter Eriksson
pen at lysator.liu.se
Mon Dec 14 23:23:19 UTC 2020
Samba 4.12.10, 4.13.2 exhibit the following wrong behaviour when I copy a file tree using Drag-n-Drop from a Mac client (and probably others too):
Works fine on 4.12.9 and earlier.
root at filur00:/export/test/peter86 # getfacl .
# file: .
# owner: peter86
# group: wheel
owner@:rwxp--aARWcCos:-------:allow
user:thojo16:rwxpDdaARWcCos:fd-----:allow
group@:r-x---a-R-c--s:-------:allow
group:fillager-admins:rwxpDdaARWcCos:fd-----:allow
group:mai-all:rwxpDdaARWc--s:fd-----:allow
everyone@:r-x---a-R-c--s:———:allow
Samba 4.12.9:
root at filur00:/export/test/peter86 # getfacl Amanda-4.12.9
# file: Amanda-4.12.9
# owner: peter86
# group: domain_users
user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
group:mai-all:rwxpDdaARWc---:fd-----:allow
root at filur00:/export/test/peter86 # getfacl Amanda-4.12.9/Karlskrona
# file: Amanda-4.12.9/Karlskrona
# owner: peter86
# group: domain_users
user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
group:mai-all:rwxpDdaARWc---:fd-----:allow
Samba 4.12.10:
root at filur00:/export/test/peter86 # getfacl Amanda-4.12.10
# file: Amanda-4.12.10
# owner: peter86
# group: domain_users
user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
group:mai-all:rwxpDdaARWc---:fd-----:allow
everyone@:--------------:fd-----:allow
root at filur00:/export/test/peter86 # getfacl Amanda-4.12.10/Karlskrona
# file: Amanda-4.12.10/Karlskrona
# owner: peter86
# group: domain_users
user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
group:mai-all:rwxpDdaARWc---:fd-----:allow
everyone@:--------------:fd-----:allow
everyone@:--------------:fd-----:allow
Samba 4.13.2:
# file: Amanda-4.13.2
# owner: peter86
# group: domain_users
user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
group:mai-all:rwxpDdaARWc---:fd-----:allow
everyone@:--------------:fd-----:allow
root at filur00:/export/test/peter86 # getfacl Amanda-4.13.2/Karlskrona
# file: Amanda-4.13.2/Karlskrona
# owner: peter86
# group: domain_users
user:thojo16:rwxpDdaARWcCo-:fd-----:allow
group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow
group:mai-all:rwxpDdaARWc---:fd-----:allow
everyone@:--------------:fd-----:allow
everyone@:--------------:fd-----:allow
… you get the idea with the added everyone@ ACEs… I’m not 100% sure if it’s related but I’ve started getting reports about people being denied access to files to certain files/trees after they have copied stuff to our servers since upgrading to 4.13.2 (possibly 4.12.10 also but I think we went directly to 4.13.2 from 4.12.6 and .8).
- Peter
More information about the samba
mailing list