When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_A...

[samba.git] / source3 / smbd / posix_acls.c

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index f7258bd66d779938101183bd92ead522d2b05f0a..646efa4b69ccb75d54433db76c6775283e881510 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1386,6 +1386,16 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
                        }
                        got_other = True;
                        pace_other = pace;
+
+               } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+                       /*
+                        * Ensure create mask/force create mode is respected on set.
+                        */
+
+                       if (setting_acl && !is_default_acl) {
+                               apply_default_perms(params, is_directory, pace, S_IRGRP);
+                       }
                }
        }