From 2a1453e2318af77a79180f3137f8a8d3f1240233 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 2 Sep 2011 13:36:10 -0700 Subject: Part 4 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the principle of least surprises for the user. --- source3/smbd/posix_acls.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 5c9c4b89d4..0be7bec47f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1409,29 +1409,32 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace pace->unix_ug.uid = pst->st_ex_uid; pace->trustee = *pfile_owner_sid; pace->attr = ALLOW_ACE; + /* Start with existing permissions, principle of least + surprises for the user. */ + pace->perms = pst->st_ex_mode; if (setting_acl) { /* See if the owning user is in any of the other groups in - the ACE. If so, OR in the permissions from that group. */ + the ACE, or if there's a matching user entry. + If so, OR in the permissions from that entry. */ - bool group_matched = False; canon_ace *pace_iter; for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { - if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { + if (pace_iter->type == SMB_ACL_USER && + pace_iter->unix_ug.uid == pace->unix_ug.uid) { + pace->perms |= pace_iter->perms; + } else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { if (uid_entry_in_group(conn, pace, pace_iter)) { pace->perms |= pace_iter->perms; - group_matched = True; } } } - /* If we only got an "everyone" perm, just use that. */ - if (!group_matched) { + if (pace->perms == 0) { + /* If we only got an "everyone" perm, just use that. */ if (got_other) pace->perms = pace_other->perms; - else - pace->perms = 0; } apply_default_perms(params, is_directory, pace, S_IRUSR); -- cgit