Bug 14494 - "setcifsacl" confuses "R" permission with "RX"
Summary: "setcifsacl" confuses "R" permission with "RX"
Status: NEW
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: user space tools (show other bugs)
Version: 5.x
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Jeff Layton
QA Contact: cifs QA contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-15 02:14 UTC by Micah Veilleux
Modified: 2021-03-18 07:33 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Micah Veilleux 2020-09-15 02:14:54 UTC 
When attempting to set "R" permission with "setcifsacl", "RX" (equivalent to "READ") is set instead:
------------------------------
mcrw1:/TCS # getcifsacl testfile
REVISION:0x1
CONTROL:0x8004
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
mcrw1:/TCS #
mcrw1:/TCS # setcifsacl -a "ACL:VPTC3\mveil:ALLOWED/0x0/R" testfile
mcrw1:/TCS #
mcrw1:/TCS # getcifsacl testfile
REVISION:0x1
CONTROL:0x8004
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
ACL:VPTC3\mveil:ALLOWED/0x0/READ   # --> not ok, should be "R"
mcrw1:/TCS #
mcrw1:/TCS # rm testfile ; touch testfile
mcrw1:/TCS #
mcrw1:/TCS # setcifsacl -a "ACL:VPTC3\mveil:ALLOWED/0x0/RX" testfile
mcrw1:/TCS #
mcrw1:/TCS # getcifsacl testfile
REVISION:0x1
CONTROL:0x8004
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
ACL:VPTC3\mveil:ALLOWED/0x0/READ   # --> ok
mcrw1:/TCS #
------------------------------
Comment 1 Björn Jacke 2021-03-18 07:33:48 UTC 
can someone of the cifs vfs developers please have a look?

Generlly much of the cifsacl stuff is really nice bug with the outstanding bugs, some of those that Micah  reported, cifs vfs with NT ACLs is just not usable and people who *need* to use full NT ACLs with a POSIX client have no other option than using a different OS with native NFS4 ACLs support like FreeBSD currently.