12759 – smbd: files and directories created by admin users are owned by root if inherit acls is disabled

Bug 12759 - smbd: files and directories created by admin users are owned by root if inherit acls is disabled

Summary: smbd: files and directories created by admin users are owned by root if inher...

Status:	ASSIGNED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.6.3
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Uri Simchoni
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-04-27 19:10 UTC by Uri Simchoni
Modified:	2017-04-28 11:48 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Uri Simchoni 2017-04-27 19:10:29 UTC

A user can be defined as an admin user on the share (listed in "admin users" or member of a group listed there). When serving an admin user, smbd runs as root.

That means when files / directories are created, the kernel creates them as owned by root, and that has to be fixed to prevent confusion.

If "inherit acls" is enabled (happens automatically when acl_xattr module is loaded), the Windows ACL inheritance mechanism causes new files and directories to have the correct POSIX owner, and that takes care of things also for the "root" case.

However, if "inherit acls" is disabled, there's no existing mechanism to fix the ownership, and the owner ends up being root.