[PATCH] vfs_acl_xattr|tdb: set create mask to 0777 if ignore_system_acls is set
Jeremy Allison
jra at samba.org
Thu Feb 9 19:03:21 UTC 2017
On Mon, Feb 06, 2017 at 01:19:48PM +0100, Ralph Böhme wrote:
> Hi!
>
> Attached is a patch for bug
> https://bugzilla.samba.org/show_bug.cgi?id=12562
>
> The fix for bug #12181 included a change that should ensure filesystem
> permissions are out of the way when using VFS modules acl_xattr or acl_tdb with
> "acl_xattr:ignore system acls = yes".
>
> At runtime, when the module is loaded, we set "create mask = 0666" which doesn't
> contain executable rights files. This should really by "create mask = 0777"
> instead.
>
> Please review & push if happy. Thanks!
Hi Ralph,
Can you explain the customer scenario that instigated
this fix ?
It's *probably* right, but I think Uri is asking the
right questions about defauling files to 'x' access
and I want to understand the exact failure case before
I OK this :-).
Cheers,
Jeremy.
> From f49942e3eb0a2cb67d461cdb3d670fc3cfb51059 Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Mon, 6 Feb 2017 12:47:41 +0100
> Subject: [PATCH] vfs_acl_xattr|tdb: set create mask to 0777 if
> ignore_system_acls is set
>
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562
>
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
> source3/modules/vfs_acl_tdb.c | 4 ++--
> source3/modules/vfs_acl_xattr.c | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
> index 174affe..802162a 100644
> --- a/source3/modules/vfs_acl_tdb.c
> +++ b/source3/modules/vfs_acl_tdb.c
> @@ -342,12 +342,12 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
> return -1);
>
> if (config->ignore_system_acls) {
> - DBG_NOTICE("setting 'create mask = 0666', "
> + DBG_NOTICE("setting 'create mask = 0777', "
> "'directory mask = 0777', "
> "'store dos attributes = yes' and all "
> "'map ...' options to 'no'\n");
>
> - lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
> + lp_do_parameter(SNUM(handle->conn), "create mask", "0777");
> lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
> lp_do_parameter(SNUM(handle->conn), "map archive", "no");
> lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
> diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
> index e1f90ff..9cbc0cc 100644
> --- a/source3/modules/vfs_acl_xattr.c
> +++ b/source3/modules/vfs_acl_xattr.c
> @@ -209,12 +209,12 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
> return -1);
>
> if (config->ignore_system_acls) {
> - DBG_NOTICE("setting 'create mask = 0666', "
> + DBG_NOTICE("setting 'create mask = 0777', "
> "'directory mask = 0777', "
> "'store dos attributes = yes' and all "
> "'map ...' options to 'no'\n");
>
> - lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
> + lp_do_parameter(SNUM(handle->conn), "create mask", "0777");
> lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
> lp_do_parameter(SNUM(handle->conn), "map archive", "no");
> lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
> --
> 2.9.3
>
More information about the samba-technical
mailing list