summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-01-11 12:10:47 +0100
committerVolker Lendecke <vl@samba.org>2010-01-11 12:14:37 +0100
commit0ad83813ee5cbebd20d930356be61a9ebdddad46 (patch)
tree7353fafa14a78c6893bca362dea3389a06050c92
parent04f3f27f7e7a4e7ae3584fe9b7ed7c5f5d556ec7 (diff)
downloadsamba-0ad83813ee5cbebd20d930356be61a9ebdddad46.tar.gz
samba-0ad83813ee5cbebd20d930356be61a9ebdddad46.tar.bz2
samba-0ad83813ee5cbebd20d930356be61a9ebdddad46.zip
s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS automatically creates them. This can at times confuse users a lot. This parameter denies setting such an acl, users explicitly have to for example set an ACE with everyone allowing nothing. Users need to be educated about this, but this helps avoid a lot of confusion.
-rw-r--r--source3/modules/vfs_zfsacl.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 312160c026..a3de30e808 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
ace_t *acebuf;
SMB4ACE_T *smbace;
TALLOC_CTX *mem_ctx;
+ bool have_special_id = false;
/* allocate the field of ZFS aces */
mem_ctx = talloc_tos();
@@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
aceprop->who.special_id));
continue; /* don't add it !!! */
}
+ have_special_id = true;
}
}
+
+ if (!have_special_id
+ && lp_parm_bool(fsp->conn->params->service, "zfsacl",
+ "denymissingspecial", false)) {
+ errno = EACCES;
+ return false;
+ }
+
SMB_ASSERT(i == naces);
/* store acl */