Bug 5047 - Default ACL is not properly used when creating a file
Summary: Default ACL is not properly used when creating a file
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.22
Hardware: x64 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-26 10:52 UTC by Laurent Pinchart
Modified: 2008-02-21 12:24 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Laurent Pinchart 2007-10-26 10:52:54 UTC 
When creating a new file, the default ACL on the parent directory is not properly used. 'inherit acls = no' and 'inherit acls = yes' produce different results, but both of them are not correct.

---- Share configuration ----
[archive]
        path = /home/archive
        comment = Archive
        create mask = 0664
        directory mask = 0775
        inherit acls = no
        browseable = yes
        read only = no
        writeable = yes
        wide links = no

---- Parent directory ACLs ----
# file: .
# owner: root
# group: Backup\040Operators
user::rwx
group::---
group:Domain\040Users:r-x
group:Backup\040Operators:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Domain\040Users:r-x
default:group:Backup\040Operators:rwx
default:mask::rwx
default:other::---

---- File created locally ----
# file: test-local
# owner: laurent.p
# group: Domain\040Users
user::rw-
group::---
group:Domain\040Users:r-x       #effective:r--
group:Backup\040Operators:rwx   #effective:rw-
mask::rw-
other::---

The file ACL is copied from the parent directory default ACL. This is the desired behavior.

---- File created through Samba with 'inherit acls = no' ----
# file: test-smb-no-inherit
# owner: laurent.p
# group: Domain\040Users
user::rw-
group::rw-
group:Domain\040Users:r-x
group:Backup\040Operators:rwx
mask::rwx
other::r--

When 'inherit acls' is set to 'no' in smb.conf, The default ACL is used (can be seen from the group:Domain Users and group:Backup Operators), but Samba sets group::rw- and other::r--

---- File created through Samba with 'inherit acls = yes' ----
# file: test-smb-inherit
# owner: laurent.p
# group: Domain\040Users
user::rwx
group::---
group:Domain\040Users:r-x
group:Backup\040Operators:rwx
mask::rwx
other::---

When 'inherit acls' is set to 'yes' in smb.conf, The default ACL is used (can be seen from the group:Domain Users and group:Backup Operators), the permissions on group::--- and other::--- are right, but Samba sets the eXecute bit even though 'create mask' is set to '0664'. The smb.conf manpage states that 'Enabling this option sets the mode to 0777' but doesn't specify if 'create mask' will be honored.
Comment 1 Michael Adam 2008-02-21 10:39:16 UTC 
could you please try with current samba v3-0-test and compare the effects?
there have been quite some fixes to the acl code recently (and less recently, too)

Michael
Comment 2 Laurent Pinchart 2008-02-21 12:24:13 UTC 
v3-0-test fixes the problem.