As discussed on the mailing list [1], we need to ensure filesystem permission always grant access so that when doing our own access checks we don't run into situations were we grant access but the filesystem doesn't. Mailing list consensus was to achieve this by setting "directory mask = 0777", "create mask = 0666", map archive|hidden|system|readonly to no. I think I'll also add a recommendation to use "store dos attributes" to the vfs_acl_xattr|tdb manpages without forcing at runtime, because who knows what type of setups it may break. [1] <https://lists.samba.org/archive/samba-technical/2016-August/115779.html>
Created attachment 12446 [details] Patch for 4.3, 4.4 and 4.5 cherry-picked from master 4.3 and 4.4 still in the loop, backporting for those versions is a little more effort.
Comment on attachment 12446 [details] Patch for 4.3, 4.4 and 4.5 cherry-picked from master Patch applies to 4.3, 4.4 and 4.5. Please remember that it depends on #12177.
Re-assigning to Karolin for inclusion in 4.5.0, 4.4.x, 4,3,x.
Pushed to v4-5-test.
Pushed to autobuild-v4-{3,4}-test.
Pushed to all branches. Closing out bug report. Thanks!