diff options
| author | Jeremy Allison <jra@samba.org> | 2011-09-07 22:18:18 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-09-08 08:50:12 +0200 |
| commit | de710cee37dafba74ee16e5aa529f39560ecae0c (patch) | |
| tree | a52c496506bb01ec80238e5ecaabae879564b07b | |
| parent | e0c5f1c1ab2db6042112ee445941b04ae162e778 (diff) | |
| download | samba-de710cee37dafba74ee16e5aa529f39560ecae0c.tar.gz samba-de710cee37dafba74ee16e5aa529f39560ecae0c.tar.bz2 samba-de710cee37dafba74ee16e5aa529f39560ecae0c.zip | |
Revert "Part 4 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)"
This belongs as part of the bugfix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
Not as part of #7509.
This reverts commit 2a1453e2318af77a79180f3137f8a8d3f1240233.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 8 08:50:12 CEST 2011 on sn-devel-104
| -rw-r--r-- | source3/smbd/posix_acls.c | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0be7bec47f..5c9c4b89d4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1409,32 +1409,29 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace pace->unix_ug.uid = pst->st_ex_uid; pace->trustee = *pfile_owner_sid; pace->attr = ALLOW_ACE; - /* Start with existing permissions, principle of least - surprises for the user. */ - pace->perms = pst->st_ex_mode; if (setting_acl) { /* See if the owning user is in any of the other groups in - the ACE, or if there's a matching user entry. - If so, OR in the permissions from that entry. */ + the ACE. If so, OR in the permissions from that group. */ + bool group_matched = False; canon_ace *pace_iter; for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { - if (pace_iter->type == SMB_ACL_USER && - pace_iter->unix_ug.uid == pace->unix_ug.uid) { - pace->perms |= pace_iter->perms; - } else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { + if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { if (uid_entry_in_group(conn, pace, pace_iter)) { pace->perms |= pace_iter->perms; + group_matched = True; } } } - if (pace->perms == 0) { - /* If we only got an "everyone" perm, just use that. */ + /* If we only got an "everyone" perm, just use that. */ + if (!group_matched) { if (got_other) pace->perms = pace_other->perms; + else + pace->perms = 0; } apply_default_perms(params, is_directory, pace, S_IRUSR); |