Bug 13528 - vfs_zfsacl does not allow users to "disable inheritance" via File Explorer
Summary: vfs_zfsacl does not allow users to "disable inheritance" via File Explorer
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.7.6
Hardware: All FreeBSD
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-13 18:39 UTC by Andrew Walker
Modified: 2018-07-14 17:22 UTC (History)
1 user (show)

See Also:


Attachments
vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited (1.62 KB, patch)
2018-07-13 18:39 UTC, Andrew Walker
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Walker 2018-07-13 18:39:22 UTC
Created attachment 14322 [details]
vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited

The option in File Explorer for disabling inheritance and converting inherited permissions into explicit permissions does not work with zfsacl enabled. The issue is trivial to reproduce, but I'm happy to provide pcaps and logs if they are required.

On FreeBSD this was a two-part fix. I already patched sysutils/libsunacl to expose ACE_INHERITED_ACE. 

This patch adds a new configuration option for setting the dacl_protected control flag in the zfsacl vfs module, and defaults to preserving previous behavior. If ACE_INHERITED_ACE isn't present in the any of the members of the ACL, then set dacl_protected.