From: Jeremy Allison Date: Mon, 24 Nov 2008 23:40:50 +0000 (-0800) Subject: Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but that... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=649572c454328b81714b86d3f99f730bf61625e0;p=thirdparty%2Fsamba.git Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but that will have to be fixed another way. Jeremy. --- diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 2242405d413..33cba6aeb7e 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3119,6 +3119,9 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) return ret; } +#if 0 +/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ + /**************************************************************************** Take care of parent ACL inheritance. ****************************************************************************/ @@ -3313,6 +3316,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp, *pp_new_sd = psd; return status; } +#endif /**************************************************************************** Reply to set a security descriptor on an fsp. security_info_sent is the @@ -3426,6 +3430,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); +#if 0 + /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ + /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx * for details and also the log trace in bug #4308. JRA. */ @@ -3441,6 +3448,7 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) return False; } } +#endif acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, &file_ace_list, &dir_ace_list, security_info_sent, psd);