Bug 9313 - ntacl sysvolreset incorrect ACL Permitions
Summary: ntacl sysvolreset incorrect ACL Permitions
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.0.0rc3
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 9342
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-22 06:47 UTC by Andries van Niekerk
Modified: 2012-12-04 11:11 UTC (History)
1 user (show)

See Also:


Attachments
SysvolCheck Error Screen (156.50 KB, image/jpeg)
2012-10-22 06:47 UTC, Andries van Niekerk
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andries van Niekerk 2012-10-22 06:47:11 UTC
Created attachment 8092 [details]
SysvolCheck Error Screen

Starting from RC3 ntacl sysvolreset Assign`s incorrect permisions to Sysvol share. On ntacl sysvolcheck a "VFS ACL on sysvol directory" error is produced.(Attached)

sysvolreset sets permitions on sysvol as follows :

getfacl sysvol/
 # file: sysvol/
 # owner: root
 # group: 3000000
 user::rwx
 user:root:rwx
 group::r--
 group:wheel:r--
 group:3000000:r--
 group:3000001:r--
 group:3000002:r--
 group:3000003:r--
 mask::rwx
 other::---

This causes GPO`s to fail to clients with "Access Denied" Error.

Current Samba Version : Version 4.1.0pre1-GIT-e3a48bb
Ubuntu 12.04 x64
Comment 1 Andrew Bartlett 2012-11-14 22:20:41 UTC
Does this still happen with master?

Indeed, this much should have been fixed before the last rc (rc5), but other sysvol ACL issues will be fixed for rc6.
Comment 2 Karolin Seeger 2012-12-04 11:11:50 UTC
Should be fixed in Samba 4.0.0rc6.
Please feel free to re-open if it's still an issue.

Thanks!