Bug 6770 - Cifs VFS doesn't honour Posix ACLs
Summary: Cifs VFS doesn't honour Posix ACLs
Status: RESOLVED FIXED
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: kernel fs (show other bugs)
Version: 2.6
Hardware: All Linux
: P3 major
Target Milestone: ---
Assignee: Steve French
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-30 05:06 UTC by Juanjo Villaplana
Modified: 2016-02-26 02:21 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Juanjo Villaplana 2009-09-30 05:06:00 UTC
We are using Cifs VFS to mount samba shares on a CentOS 5.3 client (kernel 2.6.18-164.el5, CIFS Version 1.57RH).

setfacl/getfacl works fine on the client, but the ACLs permissions aren't honoured, this is, we can't chdir directories or read files with ACLs that grant this access.

The server is running on a RHEL 5.4 with samba3x-3.3.5-0.40.el5 (provied by Red Hat as a Technology Preview), the share has Unix Extensions enabled and resides on an Ext3 fs with acl option enabled.
Comment 1 Juanjo Villaplana 2009-09-30 05:54:27 UTC
Looking at the source code, found that fs/cifs/cifsfs.c:cifs_permission is the responsible for checking permissions.

In our case (kernel 2.6.18) this function calls generic_permission(inode, mask, NULL);

Looking at fs/namei.c:generic_permission, shows that hist third parameter (NULL in the call from cifs vfs module) is:

  check_acl:  optional callback to check for Posix ACLs

So it seems clear that full Posix ACL support is not yet fully implemented.

Is check_acl callback the only missing piece? Can we help on its implemtation?

Best regards,
                  Juanjo
Comment 2 Steve French 2016-02-26 02:21:39 UTC
POSIX ACL support has been implemented for many years - and should work fine when running Linux cifs kernel client to a Linux Samba server.  Please reopen if you see any particular bugs.