The Samba-Bugzilla – Attachment 16478 Details for
Bug 13809
"Unix perms" Group Write permissions getting "lost" to Windows client when accessing files with "zfsacl" VFS enabled on FreeBSD
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch that fixes the missing permission bits for FreeBSD/ZFS(unix mode)/Samba
allow_write_on_attrib.patch (text/plain), 3.35 KB, created by
Peter Eriksson
on 2021-03-01 17:00:36 UTC
(
hide
)
Description:
Patch that fixes the missing permission bits for FreeBSD/ZFS(unix mode)/Samba
Filename:
MIME Type:
Creator:
Peter Eriksson
Created:
2021-03-01 17:00:36 UTC
Size:
3.35 KB
patch
obsolete
>diff -r -u samba-4.14.0rc4/source3/modules/nfs4_acls.c samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.c >--- samba-4.14.0rc4/source3/modules/nfs4_acls.c 2021-01-21 14:20:40.000000000 +0100 >+++ samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.c 2021-03-01 17:22:32.493233000 +0100 >@@ -106,6 +106,7 @@ > } > > params->map_full_control = lp_acl_map_full_control(SNUM(conn)); >+ params->force_attrib_write = lp_acl_force_attrib_write(SNUM(conn)); > > DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n", > enum_smbacl4_modes[params->mode].name, >@@ -410,6 +411,23 @@ > DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n", > ace->aceFlags, win_ace_flags)); > >+ /* https://bugzilla.samba.org/show_bug.cgi?id=13809 >+ Windows won't grant write access unless it also have write access on attrib so >+ let's fake it. This is needed since the unix mode bits emulation of ZFS on FreeBSD >+ creates an ACL without WRITE_ATTRIBUTES and WRITE_NAMED_ATTRS for group@/other@ entries. >+ */ >+ if (params->force_attrib_write) { >+ if (ace->aceMask & SMB_ACE4_WRITE_DATA) { >+ ace->aceMask |= (SMB_ACE4_WRITE_ATTRIBUTES|SMB_ACE4_WRITE_NAMED_ATTRS); >+ } >+ /* >+ if ((ace->aceMask & SMB_ACE4_READ_DATA) == 0) { >+ ace->aceMask &= ~(SMB_ACE4_READ_ATTRIBUTES|SMB_ACE4_READ_NAMED_ATTRS); >+ } >+ */ >+ DEBUG(10, ("Changing ACL, adding mask for win-compability." \ >+ " New mask: %x\n", ace->aceMask)); >+ } > mask = ace->aceMask; > > /* Mapping of owner@ and group@ to creator owner and >diff -r -u samba-4.14.0rc4/source3/modules/nfs4_acls.h samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.h >--- samba-4.14.0rc4/source3/modules/nfs4_acls.h 2021-01-21 14:20:40.000000000 +0100 >+++ samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.h 2021-03-01 15:56:46.718018000 +0100 >@@ -113,6 +113,7 @@ > bool do_chown; > enum smbacl4_acedup_enum acedup; > bool map_full_control; >+ bool force_attrib_write; > }; > > int smbacl4_get_vfs_params(struct connection_struct *conn, >diff -r -u samba-4.14.0rc4/source3/param/loadparm.c samba-4.14.0rc4-LIU/source3/param/loadparm.c >--- samba-4.14.0rc4/source3/param/loadparm.c 2021-01-21 14:20:40.000000000 +0100 >+++ samba-4.14.0rc4-LIU/source3/param/loadparm.c 2021-03-01 15:51:58.198328000 +0100 >@@ -251,6 +251,7 @@ > .smbd_getinfo_ask_sharemode = true, > .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX, > .honor_change_notify_privilege = false, >+ .acl_force_attrib_write = false, > .dummy = "" > }; > >--- samba-4.14.0rc4/docs-xml/smbdotconf/protocol/aclforceattribwrite.xml 2021-03-01 17:27:47.612190000 +0100 >+++ samba-4.14.0rc4-LIU/docs-xml/smbdotconf/protocol/aclforceattribwrite.xml 2021-03-01 15:50:44.882248000 +0100 >@@ -0,0 +1,15 @@ >+<samba:parameter name="acl force attrib write" >+ context="S" >+ type="boolean" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> >+ <manvolnum>8</manvolnum></citerefentry> forcibly adds WRITE_ATTRIBUTES and WRITE_NAMED_ATTRS >+ permissions to the ACL sent to the client when WRITE permissions is detected. Windows refuses >+ to write to files on FreeBSD systems with ZFS otherwise for files given full Unix group/other >+ write permissions due to way it translates Unix mode bits to ZFS ACLs. >+ </para> >+</description> >+<value type="default">no</value> >+</samba:parameter>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13809
: 16478 |
16479
|
16488