Peter Eriksson
2020-Dec-14 23:23 UTC
[Samba] ACL problem with the fix for Samba bug 14471 (Samba 4.12.10 & 4.13.2)
Samba 4.12.10, 4.13.2 exhibit the following wrong behaviour when I copy a file tree using Drag-n-Drop from a Mac client (and probably others too): Works fine on 4.12.9 and earlier. root at filur00:/export/test/peter86 # getfacl . # file: . # owner: peter86 # group: wheel owner@:rwxp--aARWcCos:-------:allow user:thojo16:rwxpDdaARWcCos:fd-----:allow group@:r-x---a-R-c--s:-------:allow group:fillager-admins:rwxpDdaARWcCos:fd-----:allow group:mai-all:rwxpDdaARWc--s:fd-----:allow everyone@:r-x---a-R-c--s:???:allow Samba 4.12.9: root at filur00:/export/test/peter86 # getfacl Amanda-4.12.9 # file: Amanda-4.12.9 # owner: peter86 # group: domain_users user:thojo16:rwxpDdaARWcCo-:fd-----:allow group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow group:mai-all:rwxpDdaARWc---:fd-----:allow root at filur00:/export/test/peter86 # getfacl Amanda-4.12.9/Karlskrona # file: Amanda-4.12.9/Karlskrona # owner: peter86 # group: domain_users user:thojo16:rwxpDdaARWcCo-:fd-----:allow group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow group:mai-all:rwxpDdaARWc---:fd-----:allow Samba 4.12.10: root at filur00:/export/test/peter86 # getfacl Amanda-4.12.10 # file: Amanda-4.12.10 # owner: peter86 # group: domain_users user:thojo16:rwxpDdaARWcCo-:fd-----:allow group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow group:mai-all:rwxpDdaARWc---:fd-----:allow everyone@:--------------:fd-----:allow root at filur00:/export/test/peter86 # getfacl Amanda-4.12.10/Karlskrona # file: Amanda-4.12.10/Karlskrona # owner: peter86 # group: domain_users user:thojo16:rwxpDdaARWcCo-:fd-----:allow group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow group:mai-all:rwxpDdaARWc---:fd-----:allow everyone@:--------------:fd-----:allow everyone@:--------------:fd-----:allow Samba 4.13.2: # file: Amanda-4.13.2 # owner: peter86 # group: domain_users user:thojo16:rwxpDdaARWcCo-:fd-----:allow group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow group:mai-all:rwxpDdaARWc---:fd-----:allow everyone@:--------------:fd-----:allow root at filur00:/export/test/peter86 # getfacl Amanda-4.13.2/Karlskrona # file: Amanda-4.13.2/Karlskrona # owner: peter86 # group: domain_users user:thojo16:rwxpDdaARWcCo-:fd-----:allow group:fillager-admins:rwxpDdaARWcCo-:fd-----:allow group:mai-all:rwxpDdaARWc---:fd-----:allow everyone@:--------------:fd-----:allow everyone@:--------------:fd-----:allow ? you get the idea with the added everyone@ ACEs? I?m not 100% sure if it?s related but I?ve started getting reports about people being denied access to files to certain files/trees after they have copied stuff to our servers since upgrading to 4.13.2 (possibly 4.12.10 also but I think we went directly to 4.13.2 from 4.12.6 and .8). - Peter