Bug 8002 - acl inheritance in 3.5.8 broken
Summary: acl inheritance in 3.5.8 broken
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.5.8
Hardware: x64 Linux
: P5 normal
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-10 09:14 UTC by Vladimir
Modified: 2021-11-18 19:27 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir 2011-03-10 09:14:17 UTC
Share definition:

[data]
        path = /var/data
        valid users = +CORP\www-writers, CORP\vova
        read only = No
        inherit acls = Yes
        inherit owner = Yes
        vfs objects = full_audit, recycle
        recycle:maxsize = 52428800
        recycle:exclude = .~lock.*
        recycle:touch_mtime = yes
        recycle:touch = no
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:directory_mode = 0700
        recycle:repository = /mnt/data/samba/recycle/%u
        full_audit:prefix = share=%S|id=%u|ip=%I
        full_audit:priority = INFO
        full_audit:facility = LOCAL2
        full_audit:failure = unlink rmdir mkdir write rename aio_write pwrite connect disconnect
        full_audit:success = unlink rmdir mkdir write rename aio_write pwrite connect disconnect

ACL on folder:
# file: test
# owner: wwwadm
# group: www
user::rwx
user:vova:rwx
group::---
group:CORP\134www-writers:rwx
mask::rwx
other::---
default:user::rwx
default:user:vova:rwx
default:group::---
default:group:CORP\134www-writers:rwx
default:mask::rwx
default:other::---

So group CORP\www-writers always should have all rights on created files. This definition worked before update to 3.5.8 (in 3.5.6, 3.5.7 for example). In 3.5.8 mask doesn't inherit - it becomes "r--".
Comment 1 Vladimir 2011-03-16 08:36:12 UTC
Still no attention? This issue looks like regression.
Comment 2 Björn Jacke 2011-05-30 12:43:38 UTC
can you please test if https://bugzilla.samba.org/attachment.cgi?id=6417 from bug #8083 makes a difference for you here?
Comment 3 Vladimir 2011-05-31 10:59:36 UTC
(In reply to comment #2)
> can you please test if https://bugzilla.samba.org/attachment.cgi?id=6417 from
> bug #8083 makes a difference for you here?

Didn't help.
Comment 4 Vladimir 2011-07-05 11:32:32 UTC
Bump
Comment 5 Björn Jacke 2021-11-18 19:27:50 UTC
this worked fine for me since a couple of years with recent versions