Bug 10072 - If an Allow permission proceeds a Deny permission on a folder then Posix ACLs are not set correctly
Summary: If an Allow permission proceeds a Deny permission on a folder then Posix ACLs...
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.6.16
Hardware: All Windows 7
: P5 normal
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
Depends on:
Reported: 2013-08-07 14:53 UTC by Joe Mann
Modified: 2014-08-05 20:42 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Joe Mann 2013-08-07 14:53:09 UTC
If a folder that has inherited deny permissions from its parent is given allow permissions, the following error is seen in the samba logs:
create_canon_ace_lists: malformed ACL in file ACL ! Deny entry after Allow entry. Failing to set on file <FILE>

This is easily reproducible by creating a folder, setting deny permissions for a specific user, creating another folder inside the previous one and setting allow permissions for the same user. Windows will throw a warning but will allow it, samba should be able to handle this condition.
Comment 1 Joe Mann 2013-08-07 15:04:10 UTC
This is seen when using vfc_acl_xattr.
Comment 2 Jeremy Allison 2014-08-05 20:42:03 UTC
Argh. Comment for #10489 should have been added here:

More info needed. A wireshark capture showing the ACL sent by the client would
help I think.