Bug 12924 - set_nt_acl doesn't set ACLs correctly
Summary: set_nt_acl doesn't set ACLs correctly
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-21 13:58 UTC by Rowland Penny
Modified: 2021-12-07 17:40 UTC (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rowland Penny 2017-07-21 13:58:27 UTC
If this ACL is set with 'samba-tool ntacl sysvolreset':

O:BAG:SYD:AI(A;ID;0x001200a9;;;AU)(A;OICIIOID;GRGX;;;AU)(A;ID;0x001200a9;;;SO)(A;OICIIOID;GRGX;;;SO)(A;ID;0x001e01bf;;;BA)(A;OICIIOID;WOWDGRGWGX;;;BA)(A;ID;0x001f01ff;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIIOID;WOWDGRGWGX;;;CO)

and immediately read it back with 'samba-tool ntacl sysvolcheck', I get this:

O:BAG:SYD:AI(A;ID;0x001200a9;;;AU)(A;OICIIOID;GRGX;;;AU)(A;ID;0x001200a9;;;SO)(A;OICIIOID;GRGX;;;SO)(A;ID;0x001f01ff;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;0x001f01ff;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIIOID;GA;;;CO)

These two ACES:
(A;ID;0x001e01bf;;;BA)(A;OICIIOID;WOWDGRGWGX;;;BA)
Have Become
(A;ID;0x001f01ff;;;BA)(A;OICIIOID;GA;;;BA)

And

(A;OICIIOID;WOWDGRGWGX;;;CO)
Has become
(A;OICIIOID;GA;;;CO)

If you check from Windows, you get the same ACL as 'sysvolcheck'

It seems that set_nt_acl from source3/smbd/posix_acls.c isn't setting the correct ACL.
Comment 1 Jonathan Hunter 2018-03-02 11:08:10 UTC
Not sure if this is related to bug 12363 which refers to fset_nt_acl_common in source3/modules/vfs_acl_common.c