diff options
-rw-r--r-- | docs-xml/smbdotconf/security/inheritacls.xml | 5 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/modules/vfs_acl_tdb.c | 6 | ||||
-rw-r--r-- | source3/modules/vfs_acl_xattr.c | 12 | ||||
-rw-r--r-- | source3/param/loadparm.c | 8 |
5 files changed, 32 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/inheritacls.xml b/docs-xml/smbdotconf/security/inheritacls.xml index 44afa8a3e2..e2552e32ff 100644 --- a/docs-xml/smbdotconf/security/inheritacls.xml +++ b/docs-xml/smbdotconf/security/inheritacls.xml @@ -9,6 +9,11 @@ behavior is to use the unix mode specified when creating the directory. Enabling this option sets the unix mode to 0777, thus guaranteeing that default directory acls are propagated. + + Note that using the VFS modules acl_xattr or acl_tdb which store native + Windows as meta-data will automatically turn this option on for any + share for which they are loaded, as they require this option to emulate + Windows ACLs correctly. </para> </description> diff --git a/source3/include/proto.h b/source3/include/proto.h index 0dbc1c7fed..49d01003b5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4373,6 +4373,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val); int lp_min_receive_file_size(void); char* lp_perfcount_module(void); void lp_set_passdb_backend(const char *backend); +bool set_inherit_acls(int i); /* The following definitions come from param/util.c */ diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 424ecbf65b..3d06e520e8 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -382,6 +382,12 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle, SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_tdb_data, struct db_context, return -1); + /* Ensure we have "inherit acls = yes" if we're + * using this module. */ + DEBUG(2,("connect_acl_tdb: setting 'inherit acls = true' for service %s\n", + service )); + set_inherit_acls(SNUM(handle->conn)); + return 0; } diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 7a9cd27e5f..11ca8902c0 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -208,8 +208,20 @@ static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, return ret; } +static int connect_acl_xattr(struct vfs_handle_struct *handle, + const char *service, + const char *user) +{ + /* Ensure we have "inherit acls = yes" if we're + * using this module. */ + DEBUG(2,("connect_acl_xattr: setting 'inherit acls = true' for service %s\n", + service )); + set_inherit_acls(SNUM(handle->conn)); + return 0; +} static struct vfs_fn_pointers vfs_acl_xattr_fns = { + .connect_fn = connect_acl_xattr, .mkdir = mkdir_acl_common, .open = open_acl_common, .fget_nt_acl = fget_nt_acl_common, diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index c62deb5eda..b317dc6c8a 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -9843,3 +9843,11 @@ void lp_set_passdb_backend(const char *backend) { string_set(&Globals.szPassdbBackend, backend); } + +bool set_inherit_acls(int i) +{ + if (!LP_SNUM_OK(i)) { + return false; + } + ServicePtrs[(i)]->bInheritACLS = true; +} |