Bug 14470 - vfs_zfsacl improvements to ACL handling
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
Version: 4.11.6
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Ralph Böhme
Blocks: 14471
Reported: 2020-08-20 13:49 UTC by Ralph Böhme
Modified: 2021-03-10 19:46 UTC

Attachments
Patch for 4.12 backported from master (12.96 KB, patch)
2020-10-22 08:03 UTC, Ralph Böhme
jra: review+
Patch for 4.13 cherry-picked from master (12.92 KB, patch)
2020-10-22 08:04 UTC, Ralph Böhme
jra: review+
Description Ralph Böhme 2020-08-20 13:49:12 UTC
ZFS ACL inheritance results in automatically adding NFSv4 special entries (owner@, group@, everyone@) to inherited ACLs, which is confusing to Windows users maintaining ACLs via Windows tools and expecting Windows semantics.

ZFS will automatically add these entries when calculating the inherited ACL of new files if the ACL of the parent directory lacks an inheriting special entry. This may result in user confusion and unexpected change in permissions of files and directories as the inherited ACL is generated.

Blocking this behavior is achieved by setting an inheriting everyone@ that grants no permissions and not adding the entry to the file's Security Descriptor when the client queries the SD.
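
Added example, not part of the bug report or the attached patches: a simplified C model of the approach described above, appending a zero-permission inheriting everyone@ on the set path and hiding it on the get path. The struct, flag values and function names are assumptions and are not vfs_zfsacl's own.

```c
/* Simplified model, not Samba or ZFS code; all names and flag values are assumptions. */
#include <stddef.h>
#include <stdint.h>

enum ace_who { WHO_NAMED, WHO_OWNER, WHO_GROUP, WHO_EVERYONE };
#define F_INHERIT 0x3u /* file-inherit | directory-inherit */

struct ace { enum ace_who who; uint32_t flags; uint32_t mask; };

/* The placeholder: an inheriting everyone@ entry that grants nothing. */
static int is_placeholder(const struct ace *a)
{
    return a->who == WHO_EVERYONE && (a->flags & F_INHERIT) && a->mask == 0;
}

/* Set path: if a directory ACL has no inheriting special entry, append the
 * placeholder so ZFS has no reason to synthesize owner@/group@/everyone@.
 * Returns the new entry count, or SIZE_MAX if the buffer is full. */
size_t acl_prepare_for_set(struct ace *acl, size_t n, size_t cap, int is_dir)
{
    if (!is_dir)
        return n;
    for (size_t i = 0; i < n; i++)
        if (acl[i].who != WHO_NAMED && (acl[i].flags & F_INHERIT))
            return n;               /* a real inheriting special entry exists */
    if (n >= cap)
        return SIZE_MAX;
    acl[n] = (struct ace){ WHO_EVERYONE, F_INHERIT, 0 };
    return n + 1;
}

/* Get path: drop the placeholder before the ACL is mapped to a Security
 * Descriptor. Entries that grant something are kept. Returns the new count. */
size_t acl_filter_for_get(struct ace *acl, size_t n)
{
    size_t out = 0;
    for (size_t i = 0; i < n; i++)
        if (!is_placeholder(&acl[i]))
            acl[out++] = acl[i];
    return out;
}

int main(void)
{
    struct ace acl[4] = { { WHO_NAMED, F_INHERIT, 0x7 } }; /* constructed sample */
    size_t n = acl_prepare_for_set(acl, 1, 4, 1);
    return (n == 2 && acl_filter_for_get(acl, n) == 1) ? 0 : 1;
}
```

In this model an inheriting everyone@ entry with an empty mask that an administrator set deliberately is indistinguishable from the placeholder and is hidden on the get path as well.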
Comment 1 Samba QA Contact 2020-10-15 20:28:16 UTC
This bug was referenced in samba master:

f763b1e43640082af80c855a4a519f7747a6c87c
c10ae30c1185463eb937f69c1fc9914558087167
Comment 2 Ralph Böhme 2020-10-22 08:03:31 UTC
Created attachment 16300
Patch for 4.12 backported from master
Comment 3 Ralph Böhme 2020-10-22 08:04:06 UTC
Created attachment 16301
Patch for 4.13 cherry-picked from master
Comment 4 Jeremy Allison 2020-10-30 00:27:04 UTC
Re-assigning to Karolin for inclusion in 4.13.next, 4.12.next.
Comment 5 Karolin Seeger 2020-10-30 12:19:29 UTC
(In reply to Jeremy Allison from comment #4)
Pushed to autobuild-v4-{13,12}-test.
Comment 6 Samba QA Contact 2020-10-30 13:54:39 UTC
This bug was referenced in samba v4-13-test:

1b03a34523110abbc7478d4633d37994fca760fa
50bb50341dfc268248cc22b7b1820f6278d82f06
Comment 7 Samba QA Contact 2020-10-30 15:25:33 UTC
This bug was referenced in samba v4-12-test:

78d843f43626a876557d3c6738329282adeb4dab
1bf997aa2443248b07933dfc2dc5d9f3cadeef4b
Comment 8 Karolin Seeger 2020-11-02 07:53:28 UTC
Closing out bug report.

Thanks!
Comment 9 Samba QA Contact 2020-11-03 12:36:00 UTC
This bug was referenced in samba v4-13-stable (Release samba-4.13.2):

1b03a34523110abbc7478d4633d37994fca760fa
50bb50341dfc268248cc22b7b1820f6278d82f06
Comment 10 Samba QA Contact 2020-11-05 10:01:16 UTC
This bug was referenced in samba v4-12-stable (Release samba-4.12.10):

78d843f43626a876557d3c6738329282adeb4dab
1bf997aa2443248b07933dfc2dc5d9f3cadeef4b
Comment 11 Björn Jacke 2021-03-10 18:20:56 UTC
I think this is a problem that should not be handled in the zfsacl module but at the generic nfs4_acl layer as it affects all nfs4 implementations.

The root issue is that Samba does not use Windows-style permission semantics, see related bug 8963 and bug 6877.
Comment 12 Andrew Walker 2021-03-10 19:46:33 UTC
There's a related discussion in bug 13809 as well.