From 828793852f3785c620f2716c60f8b1640880ee50 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 5 Oct 2012 15:51:19 -0700 Subject: We should never just assign an st_mode to an ace->perms field, theoretically they are different so should go through a mapping function. Ensure this is so. Practically this does not matter, as for user permissions the mapping function is an identity, and the extra bits we may add are ignored anyway, but this makes the intent clear. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104 --- source3/smbd/posix_acls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index cc953fdfa9..45a921f747 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1506,9 +1506,9 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn, pace->unix_ug.id = pst->st_ex_uid; pace->trustee = *pfile_owner_sid; pace->attr = ALLOW_ACE; - /* Start with existing permissions, principle of least + /* Start with existing user permissions, principle of least surprises for the user. */ - pace->perms = pst->st_ex_mode; + pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR); /* See if the owning user is in any of the other groups in the ACE, or if there's a matching user entry (by uid -- cgit