AW: setfacl fix

Parzer, Peter Peter.Parzer at med.uni-heidelberg.de
Mon Nov 18 01:37:12 MST 2013 

Hi,

I can show you this bug. A share mounted from a Samba server 3.6.3 (Ubuntu 12.04 Server) on Ubuntu 12.04 with kernel 3.2, cifs 1.76.

$ getfacl test
# file: test
# owner: parzerpeter
# group: domänen-benutzer
user::rwx
group::---
group:kjp-admins:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:kjp-admins:rwx
default:mask::rwx
default:other::---

$ setfacl -m u:kjptest:rx test

$ getfacl test
# file: test
# owner: parzerpeter
# group: domänen-benutzer
user::rwx
user:kjptest:r-x
group::---
group:kjp-admins:rwx
mask::rwx
other::---

$ setfacl -m d:g:kjp-admins:rwx test

$ getfacl test
# file: test
# owner: parzerpeter
# group: domänen-benutzer
user::rwx
group::---
other::---
default:user::rwx
default:group::---
default:group:kjp-admins:rwx
default:mask::rwx
default:other::---


When changing the ACLs, the defaults are removed, and when changing the defaults the ACLs are removed.

Peter
________________________________________
Von: linux-cifs-owner at vger.kernel.org [linux-cifs-owner at vger.kernel.org]" im Auftrag von "Steve French [smfrench at gmail.com]
Gesendet: Samstag, 16. November 2013 22:55
An: steve
Cc: Christoph Hellwig; linux-cifs at vger.kernel.org; samba-technical
Betreff: Re: setfacl fix

On Sat, Nov 16, 2013 at 9:15 AM, steve <steve at steve-ss.com> wrote:
>
>> > From: Steve French <smfrench at gmail.com>
>> > Date: Fri, 15 Nov 2013 20:41:32 -0600
>> > Subject: [PATCH] [CIFS] setfacl removes part of ACL when setting POSIX ACLs to
>> >  Samba
>> >
>> > setfacl over cifs mounts can remove the default ACL
>
> Hi
> cifs-utils 6.1 Samba 4.1.0
>
> I don't understand the '...over cifs mounts...' bit.
>
> Does it mean that if I have a share mounted on my Linux box and do a
> setfacl on a file in the share then the default acl will be removed?
>
> Sorry for a non dev question.

I was surprised too.  Over a cifs mount (to Samba, as Windows does not
support the POSIX style ACLs) it looks like many users paid attention
to only half the POSIX ACL, adding additional users or groups to the
(non-default) ACL and ignoring the default ACL or vice versa.  A user
reported the problem (with part of the ACL getting removed on setfacl
over a cifs mount) a couple days ago, and I found one older reference
to a similar problem.

--
Thanks,

Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the samba-technical mailing list