13528 – vfs_zfsacl does not allow users to "disable inheritance" via File Explorer

Bug 13528 - vfs_zfsacl does not allow users to "disable inheritance" via File Explorer

Summary: vfs_zfsacl does not allow users to "disable inheritance" via File Explorer

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	VFS Modules (show other bugs)
Version:	4.7.6
Hardware:	All FreeBSD

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-07-13 18:39 UTC by Andrew Walker
Modified:	2018-07-14 17:22 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited (1.62 KB, patch) 2018-07-13 18:39 UTC, Andrew Walker	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Walker 2018-07-13 18:39:22 UTC

Created attachment 14322 [details]
vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited

The option in File Explorer for disabling inheritance and converting inherited permissions into explicit permissions does not work with zfsacl enabled. The issue is trivial to reproduce, but I'm happy to provide pcaps and logs if they are required.

On FreeBSD this was a two-part fix. I already patched sysutils/libsunacl to expose ACE_INHERITED_ACE. 

This patch adds a new configuration option for setting the dacl_protected control flag in the zfsacl vfs module, and defaults to preserving previous behavior. If ACE_INHERITED_ACE isn't present in the any of the members of the ACL, then set dacl_protected.