access the data via Samba you might set this to yes to achieve
better NT ACL compatibility.
</para>
+
+ <para>
+ If <emphasis>acl_tdb:ignore system acls</emphasis>
+ is set to <emphasis>yes</emphasis>, the following
+ additional settings will be enforced:
+ <itemizedlist>
+ <listitem><para>create mask = 0666</para></listitem>
+ <listitem><para>directory mask = 0777</para></listitem>
+ <listitem><para>map archive = no</para></listitem>
+ <listitem><para>map hidden = no</para></listitem>
+ <listitem><para>map readonly = no</para></listitem>
+ <listitem><para>map system = no</para></listitem>
+ <listitem><para>store dos attributes = yes</para></listitem>
+ </itemizedlist>
+ </para>
</listitem>
</varlistentry>
access the data via Samba you might set this to yes to achieve
better NT ACL compatibility.
</para>
+
+ <para>
+ If <emphasis>acl_xattr:ignore system acls</emphasis>
+ is set to <emphasis>yes</emphasis>, the following
+ additional settings will be enforced:
+ <itemizedlist>
+ <listitem><para>create mask = 0666</para></listitem>
+ <listitem><para>directory mask = 0777</para></listitem>
+ <listitem><para>map archive = no</para></listitem>
+ <listitem><para>map hidden = no</para></listitem>
+ <listitem><para>map readonly = no</para></listitem>
+ <listitem><para>map system = no</para></listitem>
+ <listitem><para>store dos attributes = yes</para></listitem>
+ </itemizedlist>
+ </para>
</listitem>
</varlistentry>
{
int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
bool ok;
+ struct acl_common_config *config = NULL;
if (ret < 0) {
return ret;
lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct acl_common_config,
+ return -1);
+
+ if (config->ignore_system_acls) {
+ DBG_NOTICE("setting 'create mask = 0666', "
+ "'directory mask = 0777', "
+ "'store dos attributes = yes' and all "
+ "'map ...' options to 'no'\n");
+
+ lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
+ lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
+ lp_do_parameter(SNUM(handle->conn), "map archive", "no");
+ lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
+ lp_do_parameter(SNUM(handle->conn), "map readonly", "no");
+ lp_do_parameter(SNUM(handle->conn), "map system", "no");
+ lp_do_parameter(SNUM(handle->conn), "store dos attributes",
+ "yes");
+ }
+
return 0;
}
{
int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
bool ok;
+ struct acl_common_config *config = NULL;
if (ret < 0) {
return ret;
lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct acl_common_config,
+ return -1);
+
+ if (config->ignore_system_acls) {
+ DBG_NOTICE("setting 'create mask = 0666', "
+ "'directory mask = 0777', "
+ "'store dos attributes = yes' and all "
+ "'map ...' options to 'no'\n");
+
+ lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
+ lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
+ lp_do_parameter(SNUM(handle->conn), "map archive", "no");
+ lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
+ lp_do_parameter(SNUM(handle->conn), "map readonly", "no");
+ lp_do_parameter(SNUM(handle->conn), "map system", "no");
+ lp_do_parameter(SNUM(handle->conn), "store dos attributes",
+ "yes");
+ }
+
return 0;
}
exp_sd = security_descriptor_dacl_create(
tctx, 0, owner_sid, group_sid,
owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
- group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE, 0,
- SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE, 0,
+ group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
+ SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
SID_NT_SYSTEM, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
NULL);
git.samba.org / samba.git / commitdiff