From af7b930e2bfe2275cee14dc2154f2aea8875fa63 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:04:17 +0100 Subject: [PATCH] Revert "vfs_acl_common.c: prefer capabilities over become_root" This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/modules/vfs_acl_common.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 314fc79a3a6..e04b672cf9a 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -764,9 +764,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, /* Ok, we failed to chown and we have SEC_STD_WRITE_OWNER access - override. */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); return status; } @@ -1072,7 +1072,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, goto out; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); if (is_directory) { ret = SMB_VFS_NEXT_UNLINKAT(handle, dirfsp, @@ -1084,7 +1084,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, smb_fname, 0); } - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1) { saved_errno = errno; -- 2.34.1