The Samba-Bugzilla – Attachment 5150 Details for
Bug 5202
cannot change ACLs on writable file with "dos filemode=yes"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am format patch for 3.5.0.
0001-Re-fix-bug-5202-cannot-change-ACLs-on-writable-fil.patch (text/plain), 1.42 KB, created by
Jeremy Allison
on 2010-01-08 12:21:46 UTC
(
hide
)
Description:
git-am format patch for 3.5.0.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2010-01-08 12:21:46 UTC
Size:
1.42 KB
patch
obsolete
>From c5f7878c0fca97b6d2c57a15a82836f2bae5c63f Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 8 Jan 2010 10:17:46 -0800 >Subject: [PATCH] Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes" > >This bug re-occurred for 3.3.x and above. > >The reason is that to change a NT ACL we now have to open the file requesting >WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions >in posix_acls doesn't add these bits when "dos filemode = yes", so even though >the permission or owner change would be allowed by the POSIX ACL code, the >NTCreateX call fails with ACCESS_DENIED now we always check NT permissions >first. > >Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. > >Jeremy. >(cherry picked from commit d7713d11a6dc2d66c820d7496bc45eb5fe527fbf) >--- > source3/smbd/posix_acls.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 8280538..8d66bf1 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -1107,6 +1107,9 @@ uint32_t map_canon_ace_perms(int snum, > nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 ); > nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 ); > } >+ if ((perms & S_IWUSR) && lp_dos_filemode(snum)) { >+ nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER); >+ } > } > > DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n", >-- >1.5.4.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 5202
:
3098
|
3380
| 5150 |
5151
|
5152