Bug 7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled
vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled
Product: Samba 3.5
Classification: Unclassified
Component: VFS Modules
Other Linux
: P3 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
Depends on: 7716
  Show dependency treegraph
Reported: 2010-11-23 06:04 UTC by Roel van Meer
Modified: 2010-11-24 11:15 UTC (History)
0 users

See Also:

git-am fix for 3.5.7. (1.50 KB, patch)
2010-11-23 16:24 UTC, Jeremy Allison
vl: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Roel van Meer 2010-11-23 06:04:31 UTC
In a samba share with vfs_acl_tdb or vfs_acl_xattr, ACL inheritance cannot be disabled if the ACLs on the current object are identical to the ACLs of the parent object. If they are different from the ACLs of the parent object, inheritance _can_ be disabled.

To reproduce the bug:

- Create a samba share and configure it with vfs objects = acl_xattr or vfs objects = acl_tdb
- From a Windows client, create a folder in this share
- Right click on it, select properties 
- Go to the security tab 
- Click advanced
- The "Inherit ACLs" checkbox is checked
- Uncheck "Inherit ACLs" checkbox
- Answer "Copy" to the popup with the question about what to do with the
permission entries (from choices Copy|Remove|Cancel)
--> The "Inherit ACLs" checkbox is now unchecked
- Click "Apply"
--> The "Inherit ACLs" checkbox is now checked again

This is a copy/fork of a bug report for the same bug on samba4: https://bugzilla.samba.org/show_bug.cgi?id=6917 , created by Jeremy's request.
Comment 1 Roel van Meer 2010-11-23 06:11:33 UTC
This problem also exists in 3.6.0pre1.
Comment 2 Roel van Meer 2010-11-23 09:04:06 UTC
I'm sorry to say it but the jumbo-acl patch (from http://www.samba.org/~vlendec/jumbo-patch-3-5-6.diff) does not fix the issue.
Comment 3 Roel van Meer 2010-11-23 09:24:30 UTC
And neither do the patches from http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz 
If I can do anything else to assist, please let me know!
Comment 4 Jeremy Allison 2010-11-23 16:06:14 UTC
Thanks for your persistence on this. I've fixed the problem and will attach a patch for 3.5.7. This patch must be applied on top of the jumbo patch from bug:



Comment 5 Jeremy Allison 2010-11-23 16:24:18 UTC
Created attachment 6083 [details]
git-am fix for 3.5.7.

Note - this fix must be applied on top of the ACL jumbo patch in bug 7716:


Comment 6 Roel van Meer 2010-11-24 01:13:11 UTC
Hi Jeremy,

The jumbo-acl patch from bug 7716 along with your patch in this bug fix the issue! Yay! Early Christmas this year :)

This was tested on 3.5.6, 64-bit, for both vfs_acl_xattr and vfs_acl_tdb.

Thanks a lot!

Comment 7 Volker Lendecke 2010-11-24 06:25:00 UTC
Comment on attachment 6083 [details]
git-am fix for 3.5.7.

Looks right
Comment 8 Karolin Seeger 2010-11-24 11:15:21 UTC
Pushed to v3-5-test.
Closing out bug report.