Jeremy Allison
2016-Aug-25 19:14 UTC
[Samba] Issue with acl_xattr:ignore system acls in 4.5rc2
On Wed, Aug 24, 2016 at 04:06:42PM +0200, Ralph Böhme via samba wrote:> > Yeah, as much as I'd like to avoid adding a new option, I guess we > have to do something about it, my latest take on this is > > acl_xattr:default acl style = [posix|windows] > > This parameter determines the type of ACL that is > synthesized in case a file or directory lacks an > security.NTACL xattr. > > When set to posix, an ACL will be synthesized based on the > POSIX mode permissions for user, group and others, with an > additional ACE for NT Authority\SYSTEM will full rights.. > > When set to windows, an ACL is synthesized the same way > Windows does it, only inclusing permissions for the owner > and NT Authority\SYSTEM > > The default for this option is posix. > > tldr: this reverts behaviour to what it was before #12028 and make the > behaviour introduced by #12028 optional. > > Plan? Michael? Uri? Jeremy?I like this. Puts the tweak in the right place IMHO. Jeremy.
Ralph Böhme
2016-Aug-26 16:33 UTC
[Samba] Issue with acl_xattr:ignore system acls in 4.5rc2
On Thu, Aug 25, 2016 at 12:14:00PM -0700, Jeremy Allison wrote:> On Wed, Aug 24, 2016 at 04:06:42PM +0200, Ralph Böhme via samba wrote: > > > > Yeah, as much as I'd like to avoid adding a new option, I guess we > > have to do something about it, my latest take on this is > > > > acl_xattr:default acl style = [posix|windows] > > > > This parameter determines the type of ACL that is > > synthesized in case a file or directory lacks an > > security.NTACL xattr. > > > > When set to posix, an ACL will be synthesized based on the > > POSIX mode permissions for user, group and others, with an > > additional ACE for NT Authority\SYSTEM will full rights.. > > > > When set to windows, an ACL is synthesized the same way > > Windows does it, only inclusing permissions for the owner > > and NT Authority\SYSTEM > > > > The default for this option is posix. > > > > tldr: this reverts behaviour to what it was before #12028 and make the > > behaviour introduced by #12028 optional. > > > > Plan? Michael? Uri? Jeremy? > > I like this. Puts the tweak in the right place IMHO.ok, final patchset attached. Bonus: it has a test. Please review & comment & then let's have a final discussion which default ACL style should be the default, posix or windows. Thanks! Cheerio! -slow
Jeremy Allison
2016-Aug-26 16:39 UTC
[Samba] Issue with acl_xattr:ignore system acls in 4.5rc2
On Fri, Aug 26, 2016 at 06:33:26PM +0200, Ralph Böhme via samba wrote:> On Thu, Aug 25, 2016 at 12:14:00PM -0700, Jeremy Allison wrote: > > On Wed, Aug 24, 2016 at 04:06:42PM +0200, Ralph Böhme via samba wrote: > > > > > > Yeah, as much as I'd like to avoid adding a new option, I guess we > > > have to do something about it, my latest take on this is > > > > > > acl_xattr:default acl style = [posix|windows] > > > > > > This parameter determines the type of ACL that is > > > synthesized in case a file or directory lacks an > > > security.NTACL xattr. > > > > > > When set to posix, an ACL will be synthesized based on the > > > POSIX mode permissions for user, group and others, with an > > > additional ACE for NT Authority\SYSTEM will full rights.. > > > > > > When set to windows, an ACL is synthesized the same way > > > Windows does it, only inclusing permissions for the owner > > > and NT Authority\SYSTEM > > > > > > The default for this option is posix. > > > > > > tldr: this reverts behaviour to what it was before #12028 and make the > > > behaviour introduced by #12028 optional. > > > > > > Plan? Michael? Uri? Jeremy? > > > > I like this. Puts the tweak in the right place IMHO. > > ok, final patchset attached. Bonus: it has a test.ENOPATCH :-).