10072 – If an Allow permission proceeds a Deny permission on a folder then Posix ACLs are not set correctly

Bug 10072 - If an Allow permission proceeds a Deny permission on a folder then Posix ACLs are not set correctly

Summary: If an Allow permission proceeds a Deny permission on a folder then Posix ACLs...

Status:	NEEDINFO

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	3.6.16
Hardware:	All Windows 7

Importance:	P5 normal
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-08-07 14:53 UTC by Joe Mann
Modified:	2014-08-05 20:42 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joe Mann 2013-08-07 14:53:09 UTC

If a folder that has inherited deny permissions from its parent is given allow permissions, the following error is seen in the samba logs:
create_canon_ace_lists: malformed ACL in file ACL ! Deny entry after Allow entry. Failing to set on file <FILE>

This is easily reproducible by creating a folder, setting deny permissions for a specific user, creating another folder inside the previous one and setting allow permissions for the same user. Windows will throw a warning but will allow it, samba should be able to handle this condition.

Comment 1 Joe Mann 2013-08-07 15:04:10 UTC

This is seen when using vfc_acl_xattr.

Comment 2 Jeremy Allison 2014-08-05 20:42:03 UTC

Argh. Comment for #10489 should have been added here:

More info needed. A wireshark capture showing the ACL sent by the client would
help I think.

Jeremy.