summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs-xml/smbdotconf/security/inheritacls.xml5
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/modules/vfs_acl_tdb.c6
-rw-r--r--source3/modules/vfs_acl_xattr.c12
-rw-r--r--source3/param/loadparm.c8
5 files changed, 32 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/inheritacls.xml b/docs-xml/smbdotconf/security/inheritacls.xml
index 44afa8a3e2..e2552e32ff 100644
--- a/docs-xml/smbdotconf/security/inheritacls.xml
+++ b/docs-xml/smbdotconf/security/inheritacls.xml
@@ -9,6 +9,11 @@
behavior is to use the unix mode specified when creating the directory.
Enabling this option sets the unix mode to 0777, thus guaranteeing that
default directory acls are propagated.
+
+ Note that using the VFS modules acl_xattr or acl_tdb which store native
+ Windows as meta-data will automatically turn this option on for any
+ share for which they are loaded, as they require this option to emulate
+ Windows ACLs correctly.
</para>
</description>
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0dbc1c7fed..49d01003b5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4373,6 +4373,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val);
int lp_min_receive_file_size(void);
char* lp_perfcount_module(void);
void lp_set_passdb_backend(const char *backend);
+bool set_inherit_acls(int i);
/* The following definitions come from param/util.c */
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 424ecbf65b..3d06e520e8 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -382,6 +382,12 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_tdb_data,
struct db_context, return -1);
+ /* Ensure we have "inherit acls = yes" if we're
+ * using this module. */
+ DEBUG(2,("connect_acl_tdb: setting 'inherit acls = true' for service %s\n",
+ service ));
+ set_inherit_acls(SNUM(handle->conn));
+
return 0;
}
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 7a9cd27e5f..11ca8902c0 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -208,8 +208,20 @@ static int sys_acl_set_fd_xattr(vfs_handle_struct *handle,
return ret;
}
+static int connect_acl_xattr(struct vfs_handle_struct *handle,
+ const char *service,
+ const char *user)
+{
+ /* Ensure we have "inherit acls = yes" if we're
+ * using this module. */
+ DEBUG(2,("connect_acl_xattr: setting 'inherit acls = true' for service %s\n",
+ service ));
+ set_inherit_acls(SNUM(handle->conn));
+ return 0;
+}
static struct vfs_fn_pointers vfs_acl_xattr_fns = {
+ .connect_fn = connect_acl_xattr,
.mkdir = mkdir_acl_common,
.open = open_acl_common,
.fget_nt_acl = fget_nt_acl_common,
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c62deb5eda..b317dc6c8a 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9843,3 +9843,11 @@ void lp_set_passdb_backend(const char *backend)
{
string_set(&Globals.szPassdbBackend, backend);
}
+
+bool set_inherit_acls(int i)
+{
+ if (!LP_SNUM_OK(i)) {
+ return false;
+ }
+ ServicePtrs[(i)]->bInheritACLS = true;
+}