When creating a file on a CIFS-mounted file system (using Unix Extension), files do not inherit the default POSIX ACL for "other". However, directories created in the same fashion inherit it just fine.

Client (intrepid-desktop in the example below):
- Ubuntu 8.10 (currently alpha), kernel 2.6.27
- Samba from the distribution: 3.2.3
- cifs kernel module v. 1.54

Server (intrepid-server in the example below):
- Ubuntu 8.10 (currently alpha), kernel 2.6.27
- Samba 3.3.0pre2 compiled from source (default ./configure, no option)

On the server, smb.conf is completely blank (all default), except for the share definition:

    [share]
    path = /srv/share
    read only = no
    inherit acls = yes

Example (this part on the server):

    ubuntu@intrepid-server:~$ umask
    0022
    ubuntu@intrepid-server:~$ cd /srv/share
    ubuntu@intrepid-server:/srv/share$ sudo mkdir test-acl
    [sudo] password for ubuntu:
    ubuntu@intrepid-server:/srv/share$ sudo chown ubuntu:ubuntu test-acl
    ubuntu@intrepid-server:/srv/share$ setfacl -m d:o:rwx test-acl
    ubuntu@intrepid-server:/srv/share$ getfacl test-acl
    # file: test-acl
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::r-x
    other::r-x
    default:user::rwx
    default:group::r-x
    default:other::rwx

    ubuntu@intrepid-server:/srv/share$ mkdir test-acl/dir-local
    ubuntu@intrepid-server:/srv/share$ touch test-acl/file-local
    ubuntu@intrepid-server:/srv/share$ getfacl -R test-acl
    # file: test-acl
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::r-x
    other::r-x
    default:user::rwx
    default:group::r-x
    default:other::rwx

    # file: test-acl/test-local
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::r-x
    other::rwx
    default:user::rwx
    default:group::r-x
    default:other::rwx

    # file: test-acl/dir-local
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::r-x
    other::rwx
    default:user::rwx
    default:group::r-x
    default:other::rwx

    # file: test-acl/file-local
    # owner: ubuntu
    # group: ubuntu
    user::rw-
    group::r--
    other::rw-

So far so good, the file test-acl/file-local inherited the "other" permission from the default ACL as expected (not inheriting x is expected, as explained in acl(5)).

Now, on the client:

    ubuntu@intrepid-desktop:~$ uname -r
    2.6.27-2-generic
    ubuntu@intrepid-desktop:~$ modinfo -F version cifs
    1.54
    ubuntu@intrepid-desktop:~$ umask
    0022
    ubuntu@intrepid-desktop:~$ grep intrepid-server /etc/fstab
    //intrepid-server/share /home/ubuntu/intrepid-server cifs user,username=ubuntu,password=ubuntu,noperm 0 0
    ubuntu@intrepid-desktop:~$ mount /home/ubuntu/intrepid-server
    ubuntu@intrepid-desktop:~$ cd /home/ubuntu/intrepid-server/test-acl/
    ubuntu@intrepid-desktop:~/intrepid-server/test-acl$ mkdir dir-cifs
    ubuntu@intrepid-desktop:~/intrepid-server/test-acl$ touch file-cifs

I cannot use getfacl on the client to retrieve the ACL on the file I just created, as the cifs module in Ubuntu was not compiled with CONFIG_CIFS_XATTR. However, if I inspect the file and directory just created on the server, here is what I get:

    ubuntu@intrepid-server:/srv/share$ getfacl test-acl/*-cifs
    # file: test-acl/dir-cifs
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::r-x
    other::r-x
    default:user::rwx
    default:group::r-x
    default:other::rwx

    # file: test-acl/file-cifs
    # owner: ubuntu
    # group: ubuntu
    user::rw-
    group::r--
    other::r--

We can see the directory inherited the default ACL, but the file created on the client over the CIFS-mounted file system does not appear to have got the w permission propagated from the parent directory as expected.

It should be noted that setting a default ACL for a named group (i.e., setfacl -m d:g:users:rwx) works just fine with both files and directories, as expected. It seems it is really just the default ACL for the "other" entry that does not get propagated to files.
Ok, I've reproduced this with the latest v3-2-test git branch, and it's a CIFS client bug. The client creates the file using NTCreateX, and the server correctly inherits the file permissions from the ACL. The client then calls SetPathInfo with a UNIX infolevel and writes a new mode on top of the carefully server-created one. I'm attaching a capture trace for Steve and Jeff to take a look at.

Jeremy.
Created attachment 4170
Capture trace showing the problem.

Jeff or Steve, look at packets 8-11 to show the problem.

Jeremy.
I think that's a known problem and should be fixed now. We just added the POSIX create for files recently (2.6.29-ish?). As long as the server supports posix create calls properly then that should work with recent kernels. Jeremy, what kernel were you using when you reproduced this?
This was with the default kernel on Ubuntu 9.04. 2.6.28 I think. Note the reporter is using Ubuntu 8.10 (kernel 2.6.27). Jeremy.
Ahh ok...I'm fairly certain that this problem is no more since we implemented posix creates in 2.6.29. I'm going to close this as FIXED. Please reopen if you see the same problem on kernels >= 2.6.29.