From 6575d1d34fee45c7a965c7c9641cc52b566a9e7f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 2 Oct 2012 10:15:54 -0700
Subject: When setting a non-default ACL, don't forget to apply masks to
 SMB_ACL_USER and SMB_ACL_GROUP entries.

---
 source3/smbd/posix_acls.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'source3/smbd/posix_acls.c')

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 125234cdfa..b00f1ec1bc 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1395,6 +1395,16 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
 				apply_default_perms(params, is_directory, pace, S_IROTH);
 			}
 			pace_other = pace;
+
+		} else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+			/*
+			 * Ensure create mask/force create mode is respected on set.
+			 */
+
+			if (setting_acl && !is_default_acl) {
+				apply_default_perms(params, is_directory, pace, S_IRGRP);
+			}
 		}
 	}
 
-- 
cgit