From: samba-bugs@samba.org
To: cifs-qa@samba.org
Subject: [Bug 14493] Conventional tools for managing ACLs can mislead the user
Date: Tue, 15 Sep 2020 16:41:36 +0000 [thread overview]
Message-ID: <bug-14493-10630-fidR1911OE@https.bugzilla.samba.org/> (raw)
In-Reply-To: <bug-14493-10630@https.bugzilla.samba.org/>
https://bugzilla.samba.org/show_bug.cgi?id=14493
--- Comment #2 from Micah Veilleux <micah.veilleux@iba-group.com> ---
Thanks Shyam, you're right. The results with the "cifsacl" mount option are
still problematic. My mount options are now:
------------------------------
mcrw1:/TCS # grep "TCS " /etc/fstab
//mcrs3/TCS /TCS cifs
user=cifsuser,multiuser,domain=VPTC3,sec=krb5,iocharset=utf8,cifsacl,mfsymlinks,nobrl,vers=3.0
0 0
mcrw1:/TCS #
------------------------------
The "+" is still missing from the output of "ls -l":
------------------------------
mcrw1:/TCS # smbcacls //mcrs3/TCS /testfile -k yes
REVISION:1
CONTROL:SR|DP
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
mcrw1:/TCS #
mcrw1:/TCS # ls -l testfile
-rw------- 1 VPTC3\cifsuser VPTC3\domain users 0 Sep 15 16:49 testfile #
permissions are ok, owner and primary group owner are ok, but no "+" is present
to indicate the use of extended ACLs
mcrw1:/TCS #
------------------------------
"chown" fails with error:
------------------------------
mcrw1:/TCS # chown vptc3\\mveil testfile
chown: changing ownership of 'testfile': Input/output error
mcrw1:/TCS # smbcacls //mcrs3/TCS /testfile -k yes
REVISION:1
CONTROL:SR|DP
OWNER:VPTC3\cifsuser # no ownership change made, but at least an error
was reported
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
mcrw1:/TCS #
------------------------------
"chmod" makes correct changes to the target user, but also incorrect changes to
other users:
------------------------------
mcrw1:/TCS # chmod u+x testfile
mcrw1:/TCS # smbcacls //mcrs3/TCS /testfile -k yes
REVISION:1
CONTROL:SR|DP
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\cifsuser:ALLOWED/0x0/FULL # permissions changed as
expected
ACL:VPTC3\Domain Users:ALLOWED/0x0/0x00120088 # permissions set
unintentionally for "Domain Users", and removed unintentionally for "Domain
Admins"
ACL:Everyone:ALLOWED/0x0/0x00120088 # permissions set
unintentionally
mcrw1:/TCS #
------------------------------
"ls -l" now reports updated information, which is correct within the limits of
what it can convey, though the "+" is of course still missing:
------------------------------
mcrw1:/TCS # ls -l testfile
-rwx------ 1 VPTC3\cifsuser VPTC3\domain users 0 Sep 15 16:49 testfile
mcrw1:/TCS #
------------------------------
--
You are receiving this mail because:
You are the QA Contact for the bug.
prev parent reply other threads:[~2020-09-15 16:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-15 2:10 [Bug 14493] New: Conventional tools for managing ACLs can mislead the user samba-bugs
2020-09-15 6:48 ` [Bug 14493] " samba-bugs
2020-09-15 16:41 ` samba-bugs [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-14493-10630-fidR1911OE@https.bugzilla.samba.org/ \
--to=samba-bugs@samba.org \
--cc=cifs-qa@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.