Bug 293 - Bug in 'map acl inherit = yes'
Bug in 'map acl inherit = yes'
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Other other
: P3 major
: none
Assigned To: Jeremy Allison
Depends on:
  Show dependency treegraph
Reported: 2003-08-12 09:55 UTC by Marc Kaplan
Modified: 2005-02-07 09:02 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Marc Kaplan 2003-08-12 09:55:05 UTC
So the problem is that explicit permissions added to an inherited ACE look to 
also be coming from inheritance, when in reality they are not. The cause of 
this is that the EA only specifes the whether the UID/GID was inherited, it 
does not specify the ACEs for those UIDs/GIDs.

This is especially problematic, because future changes to the ACE causes the 
explicit portion of the ACE to be cleared, and only the original inherited 
part is preserved.

Win2k actually stores different ACEs for inherited permissions and explicit 
permissions, and they are || together for effective permissions, but the 
inherited ones are shown as "locked".
Comment 1 Gerald (Jerry) Carter 2003-08-29 08:11:34 UTC
Will try again for RC3.
Comment 2 Gerald (Jerry) Carter 2003-08-29 08:11:56 UTC
Will try again for RC3.
Comment 3 Gerald (Jerry) Carter 2003-08-29 08:13:31 UTC
sorry.  didn't mean to close it.
Comment 4 Gerald (Jerry) Carter 2004-03-24 07:13:12 UTC
When using the map acl inherit = yes option to store whether the 
ACEs were inherited from parent, any *explicit* permission added 
to an inherited ACE makes the entire ACE look like it it's being 
Comment 5 Gerald (Jerry) Carter 2004-05-27 04:05:31 UTC
can we do something with this one or close it out as won't fix ?
or just set the priority to a p5 meaning that it might get 
done one day when everything else is fixed.
Comment 6 Gerald (Jerry) Carter 2005-02-07 09:02:24 UTC
no work on this one.  closing on wont fix.