Bug 12924 - set_nt_acl doesn't set ACLs correctly
set_nt_acl doesn't set ACLs correctly
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
unspecified
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-21 13:58 UTC by Rowland Penny
Modified: 2017-08-24 10:33 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rowland Penny 2017-07-21 13:58:27 UTC
If this ACL is set with 'samba-tool ntacl sysvolreset':

O:BAG:SYD:AI(A;ID;0x001200a9;;;AU)(A;OICIIOID;GRGX;;;AU)(A;ID;0x001200a9;;;SO)(A;OICIIOID;GRGX;;;SO)(A;ID;0x001e01bf;;;BA)(A;OICIIOID;WOWDGRGWGX;;;BA)(A;ID;0x001f01ff;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIIOID;WOWDGRGWGX;;;CO)

and immediately read it back with 'samba-tool ntacl sysvolcheck', I get this:

O:BAG:SYD:AI(A;ID;0x001200a9;;;AU)(A;OICIIOID;GRGX;;;AU)(A;ID;0x001200a9;;;SO)(A;OICIIOID;GRGX;;;SO)(A;ID;0x001f01ff;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;0x001f01ff;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIIOID;GA;;;CO)

These two ACES:
(A;ID;0x001e01bf;;;BA)(A;OICIIOID;WOWDGRGWGX;;;BA)
Have Become
(A;ID;0x001f01ff;;;BA)(A;OICIIOID;GA;;;BA)

And

(A;OICIIOID;WOWDGRGWGX;;;CO)
Has become
(A;OICIIOID;GA;;;CO)

If you check from Windows, you get the same ACL as 'sysvolcheck'

It seems that set_nt_acl from source3/smbd/posix_acls.c isn't setting the correct ACL.