samba - Feb 2004 - ACL bug

Hello,

I'm using samba 3.0.2(acl) and kernel 2.4.24+acl, libacl-2.2.23.

Following problem:
When I create a file in an directory with extended ACLs, samba applies the
"create mask" in a wrong way (IMHO).
The normal behaviour of tools like chmod is that the second (middle)
permission field is mapped to the "mask" ACE if the file has an
extended
ACL, so that the change applies to all groups. But Samba seems to set the
group:: (Owning Group) ACE instead.

This behaviour causes some minor problems, especially some users will see
this file with x Bit set, when it shouldn't.

One example:

There is an directory called testdir:

# file: testdir
# owner: root
# group: root
user::rwx
group::---
group:admins:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:admins:rwx
default:mask::rwx
default:other::---

The owning group or world shall never have access to this directory (and
to all children), only members of group 'admins' shall have.

Now if I create a file on the console, it has the following ACL:

# file: testfile1
# owner: dariush
# group: schueler
user::rw-
group::---
group:admins:rwx                #effective:rw-
mask::rw-
other::---

You'll see that group:: is unchanged and mask:: has shortened to rw-

Now a file that I've created through Samba:
(create mask = 0660 or create mask = 0600; make no difference):

# file: testdir/testfile2
# owner: dariush
# group: schueler
user::rw-
group::rw-
group:admins:rwx
mask::rwx
other::---

You see that mask:: is unchanged, while group:: has been changed instead
incorrectly.

So, in my eyes this looks like a bug. If it is not, it would be nice if
someone could point me a way how to get the wanted behaviour somehow else.

regards
Dariush
-- 
PGP Fingerprint: 0x886C99A1

hi

i experienced the same behaviour

do you know whats the reason?
i think its umask

my umask tells me : 022 for root....this changes the "group" setting, 
which is in this ACL case - yes you know - the effective mask

greez

Dariush Forouher schrieb:
> Hello,
> 
> I'm using samba 3.0.2(acl) and kernel 2.4.24+acl, libacl-2.2.23.
> 
> Following problem:
> When I create a file in an directory with extended ACLs, samba applies the
> "create mask" in a wrong way (IMHO).
> The normal behaviour of tools like chmod is that the second (middle)
> permission field is mapped to the "mask" ACE if the file has an
extended
> ACL, so that the change applies to all groups. But Samba seems to set the
> group:: (Owning Group) ACE instead.
> 
> This behaviour causes some minor problems, especially some users will see
> this file with x Bit set, when it shouldn't.
> 
> One example:
> 
> There is an directory called testdir:
> 
> # file: testdir
> # owner: root
> # group: root
> user::rwx
> group::---
> group:admins:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:group:admins:rwx
> default:mask::rwx
> default:other::---
> 
> The owning group or world shall never have access to this directory (and
> to all children), only members of group 'admins' shall have.
> 
> Now if I create a file on the console, it has the following ACL:
> 
> # file: testfile1
> # owner: dariush
> # group: schueler
> user::rw-
> group::---
> group:admins:rwx                #effective:rw-
> mask::rw-
> other::---
> 
> You'll see that group:: is unchanged and mask:: has shortened to rw-
> 
> Now a file that I've created through Samba:
> (create mask = 0660 or create mask = 0600; make no difference):
> 
> # file: testdir/testfile2
> # owner: dariush
> # group: schueler
> user::rw-
> group::rw-
> group:admins:rwx
> mask::rwx
> other::---
> 
> You see that mask:: is unchanged, while group:: has been changed instead
> incorrectly.
> 
> So, in my eyes this looks like a bug. If it is not, it would be nice if
> someone could point me a way how to get the wanted behaviour somehow else.
> 
> regards
> Dariush
-- 


          "Matrix - more than a vision"

**************************************************
                  Michael Gasch

            - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************