Looks like the fixes for bug #14470 have an issue: when a Windows client modifies an ACL of a directory that has a special magic everyone@: everyone@:--------------:fd----I:allow the new ACL shows the ACE as everyone@:--------------:fd-----:allow iow the "I" (inherited) flag is missing. Looking at the code it is clear that this is a problem in the changes done as part of bug #14470: if (must_add_empty_ace) { acebuf[i].a_type = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE; acebuf[i].a_flags = SMB_ACE4_DIRECTORY_INHERIT_ACE | SMB_ACE4_FILE_INHERIT_ACE | ACE_EVERYONE; acebuf[i].a_access_mask = 0; i++; } This misses to add the ACE_INHERITED_ACE flag. Have patch, need bugnumber.
This bug was referenced in samba master: a8457ac3c80e22588e33a343c2306b702734ca88 936f74daed0d6221312f651f35c4ed357bbf1414
Created attachment 16364 [details] Patch for 4.12 and 4.13 cherry-picked from master
Re-assigning to Karolin for inclusion in 4.13.next, 4.12.next.
(In reply to Jeremy Allison from comment #3) Pushed to autobuild-v4-{13,12}-test.
This bug was referenced in samba v4-13-test: 67d42392a31781296936f7de74a4622874586084 670c33fe9cbfe033feb785bf82e0540b1d95d762
This bug was referenced in samba v4-12-test: eaa736faf676fac706d841d41be4b5c9c0732a31 86d4448396b9cb715e5dd9cb3d34eb0e5f0d5a76
Pushed to both branches. Closing out bug report. Thanks!
This bug was referenced in samba v4-13-stable (Release samba-4.13.3): 67d42392a31781296936f7de74a4622874586084 670c33fe9cbfe033feb785bf82e0540b1d95d762
This bug was referenced in samba v4-12-stable (Release samba-4.12.11): eaa736faf676fac706d841d41be4b5c9c0732a31 86d4448396b9cb715e5dd9cb3d34eb0e5f0d5a76