On Thu, Aug 30, 2012 at 17:52:08, Jeremy Allison wrote: > On Thu, Aug 30, 2012 at 05:09:10PM -0600, Walkes, Dan wrote: > > On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote: > > > On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote: > > > > Hi everyone, > > > > > > > > I've noticed a problem with Debian wheezy + samba 3.6.6 > > > > configured with acl_xattr in my configuration. The following > > > > test sequence causes Windows Explorer to report incorrectly > > > > ordered permission > > entries: > > > > 1) Map a share as with "admin" user credentials to a drive letter > > > > on a Windows client > > > > 2) Create a folder at the root of the share "rootfolder" > > > > 3) Create a subfolder "subfolder1" under "rootfolder" > > > > 4) Un-check "Include inheritable permissions from this object's > > > > parent" in the windows security settings dialog for Windows > > > > Explorer > > > > > > on the root folder > > > > 5) Create a subfolder "subfolder2" under "subfolder1" > > > > 6) Right-click with Windows Explorer and attempt to edit the > > > > permissions of "subfolder2". Windows Explorer pops up a message
> > > > stating "The permissions on subfolder2 are incorrectly ordered, > > > > which may cause some entries to be ineffective." > > > > > > FYI, the complete and correct fix for this ifor 3.6.next s now > > attached to bug : > > > > > > https://bugzilla.samba.org/show_bug.cgi?id=9124 > > > > > > as a patch. Please test (it fixes the problem here). Thanks for > > > reporting this, the same code will go into master as soon as I've > > > finished wrestling with autobuild :-). > > > > > > > Thanks Jeremy. I've tested today. I can confirm it fixes the > > incorrect ordering issue and sequence 1-6 works for me. I can also > > confirm that after removing inheritance on a root folder from > > windows the I flag is set for all permissions on subfolders as > > expected. I did notice however that in my case if I never modify > > permissions or change permissions from Windows Explorer the I flag > > is still not set on inherited permissions, at least with my configuration. > > Actually this is what you'd expect with a security descriptor type of : > CONTROL:0x8004 > > (SEC_DESC_SELF_RELATIVE = 0x8000| > SEC_DESC_DACL_PRESENT = 0x0004). > > On Windows you'll probably have : > > CONTROL:0x8404 > > (SEC_DESC_SELF_RELATIVE = 0x8000| > SEC_DESC_DACL_AUTO_INHERITED = 0x0400| > SEC_DESC_DACL_PRESENT = 0x0004). > > which explains the difference. If you set a security descriptor on > rootfolder/ from the Windows client and end up with CONTROL:0x8404, > then whenever you create subfolders/files below that you'll see the "INHERITED" > bit (that's what the patch solves). > > Jeremy. Yes this explains it. Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
