The Samba-Bugzilla – Bug 6770
Cifs VFS doesn't honour Posix ACLs
Last modified: 2016-02-26 02:21:39 UTC
We are using Cifs VFS to mount samba shares on a CentOS 5.3 client (kernel 2.6.18-164.el5, CIFS Version 1.57RH).
setfacl/getfacl works fine on the client, but the ACLs permissions aren't honoured, this is, we can't chdir directories or read files with ACLs that grant this access.
The server is running on a RHEL 5.4 with samba3x-3.3.5-0.40.el5 (provied by Red Hat as a Technology Preview), the share has Unix Extensions enabled and resides on an Ext3 fs with acl option enabled.
Looking at the source code, found that fs/cifs/cifsfs.c:cifs_permission is the responsible for checking permissions.
In our case (kernel 2.6.18) this function calls generic_permission(inode, mask, NULL);
Looking at fs/namei.c:generic_permission, shows that hist third parameter (NULL in the call from cifs vfs module) is:
check_acl: optional callback to check for Posix ACLs
So it seems clear that full Posix ACL support is not yet fully implemented.
Is check_acl callback the only missing piece? Can we help on its implemtation?
POSIX ACL support has been implemented for many years - and should work fine when running Linux cifs kernel client to a Linux Samba server. Please reopen if you see any particular bugs.