9313 – ntacl sysvolreset incorrect ACL Permitions

Bug 9313 - ntacl sysvolreset incorrect ACL Permitions

Summary: ntacl sysvolreset incorrect ACL Permitions

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.0.0rc3
Hardware:	x64 Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:	9342
Blocks:
	Show dependency tree / graph

Reported:	2012-10-22 06:47 UTC by Andries van Niekerk
Modified:	2012-12-04 11:11 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
SysvolCheck Error Screen (156.50 KB, image/jpeg) 2012-10-22 06:47 UTC, Andries van Niekerk	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andries van Niekerk 2012-10-22 06:47:11 UTC

Created attachment 8092 [details]
SysvolCheck Error Screen

Starting from RC3 ntacl sysvolreset Assign`s incorrect permisions to Sysvol share. On ntacl sysvolcheck a "VFS ACL on sysvol directory" error is produced.(Attached)

sysvolreset sets permitions on sysvol as follows :

getfacl sysvol/
 # file: sysvol/
 # owner: root
 # group: 3000000
 user::rwx
 user:root:rwx
 group::r--
 group:wheel:r--
 group:3000000:r--
 group:3000001:r--
 group:3000002:r--
 group:3000003:r--
 mask::rwx
 other::---

This causes GPO`s to fail to clients with "Access Denied" Error.

Current Samba Version : Version 4.1.0pre1-GIT-e3a48bb
Ubuntu 12.04 x64

Comment 1 Andrew Bartlett 2012-11-14 22:20:41 UTC

Does this still happen with master?

Indeed, this much should have been fixed before the last rc (rc5), but other sysvol ACL issues will be fixed for rc6.

Comment 2 Karolin Seeger 2012-12-04 11:11:50 UTC

Should be fixed in Samba 4.0.0rc6.
Please feel free to re-open if it's still an issue.

Thanks!