diff options
author | Volker Lendecke <vl@samba.org> | 2010-01-11 12:10:47 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-01-11 12:14:37 +0100 |
commit | 0ad83813ee5cbebd20d930356be61a9ebdddad46 (patch) | |
tree | 7353fafa14a78c6893bca362dea3389a06050c92 | |
parent | 04f3f27f7e7a4e7ae3584fe9b7ed7c5f5d556ec7 (diff) | |
download | samba-0ad83813ee5cbebd20d930356be61a9ebdddad46.tar.gz samba-0ad83813ee5cbebd20d930356be61a9ebdddad46.tar.bz2 samba-0ad83813ee5cbebd20d930356be61a9ebdddad46.zip |
s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
-rw-r--r-- | source3/modules/vfs_zfsacl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 312160c026..a3de30e808 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) ace_t *acebuf; SMB4ACE_T *smbace; TALLOC_CTX *mem_ctx; + bool have_special_id = false; /* allocate the field of ZFS aces */ mem_ctx = talloc_tos(); @@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) aceprop->who.special_id)); continue; /* don't add it !!! */ } + have_special_id = true; } } + + if (!have_special_id + && lp_parm_bool(fsp->conn->params->service, "zfsacl", + "denymissingspecial", false)) { + errno = EACCES; + return false; + } + SMB_ASSERT(i == naces); /* store acl */ |