Bug 6914 - can't change ACLs with setfacl and dos filemode set
can't change ACLs with setfacl and dos filemode set
Status: REOPENED
Product: Samba 3.4
Classification: Unclassified
Component: File services
3.4.3
x86 Linux
: P3 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-11-20 15:58 UTC by Jörg Sommer
Modified: 2009-11-23 07:08 UTC (History)
1 user (show)

See Also:


Attachments
Dump of the network traffic while reproducing this bug (7.76 KB, application/octet-stream)
2009-11-20 16:02 UTC, Jörg Sommer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jörg Sommer 2009-11-20 15:58:43 UTC
Hi,

I've set the option "dos filemode = yes" for the share projects. This is the status of the file:

server# smbstatus

Samba version 3.4.3
PID     Username      Group         Machine                        
-------------------------------------------------------------------
4556      joerg         adm           __ffff_10.10.10.26 (::ffff:10.10.10.26)

client% getfacl test 
# file: test
# owner: nobody
# group: nogroup
user::rw-
user:joerg:rwx
group::r--
mask::rwx
other::r--

client% smbcacls //cifs-projects/projects /test       
Enter joerg's password: 
REVISION:1
CONTROL:0x9004
OWNER:NEPTUN\nobody
GROUP:Unix Group\nogroup
ACL:NEPTUN\nobody:ALLOWED/0x0/RW
ACL:Unix Group\nogroup:ALLOWED/0x0/R
ACL:NEPTUN\joerg:ALLOWED/0x0/0x001e01ff
ACL:Everyone:ALLOWED/0x0/R

The dos filemode option allows me to change the ACLs of the file I don't own, but I've write permission to.

client% smbcacls //cifs-projects/projects /test -M 'ACL:Everyone:ALLOWED/0x0/X'
Enter joerg's password: 

client% getfacl test
# file: test
# owner: nobody
# group: nogroup
user::rw-
user:joerg:rwx
group::r--
mask::rwx
other::r-x

client% smbcacls //cifs-projects/projects /test                                        
Enter joerg's password: 
REVISION:1
CONTROL:0x9004
OWNER:NEPTUN\nobody
GROUP:Unix Group\nogroup
ACL:NEPTUN\nobody:ALLOWED/0x0/RW
ACL:Unix Group\nogroup:ALLOWED/0x0/R
ACL:NEPTUN\joerg:ALLOWED/0x0/0x001e01ff
ACL:Everyone:ALLOWED/0x0/READ

But changing anything with setfacl fails:
client% setfacl -m o::rwx test
setfacl: test: Permission denied

I've mounted the share on the client with the mount option noperm to pass all permission checks to the server. The server is Samba 3.4.3 running on Linux 2.6.30. The client runs Linux 2.6.31-rc5.
Comment 1 Jörg Sommer 2009-11-20 16:02:37 UTC
Created attachment 4971 [details]
Dump of the network traffic while reproducing this bug

There's a short time gap between the smbcacls call and the setfacl call.
Comment 2 Simo Sorce 2009-11-20 16:46:58 UTC
Afaik this is by design.
DOS Filemode is not honored if you mount with unix_extensions (default for cifs.ko against samba).
If you are using unix_extensions it means you want perfect posix semantics.

Also as far as I know setting acls doesn't have proper support in cifs.ko yet.

Closing as invalid.

Comment 3 Jeremy Allison 2009-11-20 16:57:42 UTC
No this is not correct. Look in cifs_setxattr() and you will find:

#ifdef CONFIG_CIFS_POSIX
                        if (sb->s_flags & MS_POSIXACL)
                                rc = CIFSSMBSetPosixACL(xid, pTcon, full_path,
                                        ea_value, (const int)value_size,
                                        ACL_TYPE_ACCESS, cifs_sb->local_nls,
                                        cifs_sb->mnt_cifs_flags &
                                                CIFS_MOUNT_MAP_SPECIAL_CHR);
                        cFYI(1, ("set POSIX ACL rc %d", rc));
#else
                        cFYI(1, ("set POSIX ACL not supported"));
#endif

So it depends on the kernel being compiled with CONFIG_CIFS_POSIX set. But the code does seem to be there.

Jeremy.