diff options
| author | Jeremy Allison <jra@samba.org> | 2012-02-02 16:28:39 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2012-02-03 03:07:32 +0100 |
| commit | 571ee0b1ffcee3b1b0a5793c8bb1146cd69545f5 (patch) | |
| tree | b5320ed07581cbf51e85babb7ef27607d4c2c038 /source3/utils | |
| parent | 9fec2c0ea99b2fe0210765eb657287fce05c631b (diff) | |
| download | samba-571ee0b1ffcee3b1b0a5793c8bb1146cd69545f5.tar.gz samba-571ee0b1ffcee3b1b0a5793c8bb1146cd69545f5.tar.bz2 samba-571ee0b1ffcee3b1b0a5793c8bb1146cd69545f5.zip | |
Only ask for specific permissions required when setting an ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Feb 3 03:07:33 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/smbcacls.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index de68963750..714f47b6f9 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -868,12 +868,21 @@ static bool set_secdesc(struct cli_state *cli, const char *filename, uint16_t fnum = (uint16_t)-1; bool result=true; NTSTATUS status; + uint32_t desired_access = 0; - /* The desired access below is the only one I could find that works - with NT4, W2KP and Samba */ + /* Make the desired_access more specific. */ + if (sd->dacl) { + desired_access |= WRITE_DAC_ACCESS; + } + if (sd->sacl) { + desired_access |= SEC_FLAG_SYSTEM_SECURITY; + } + if (sd->owner_sid || sd->group_sid) { + desired_access |= WRITE_OWNER_ACCESS; + } status = cli_ntcreate(cli, filename, 0, - WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS, + desired_access, 0, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum); if (!NT_STATUS_IS_OK(status)) { |