We should never just assign an st_mode to an ace->perms field, theoretically

[metze/samba/wip.git] / source3 / smbd / posix_acls.c

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index cc953fdfa929bbd092b9008b20c6557171e589d7..45a921f747c70e844c323346960bbc77b7201287 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1506,9 +1506,9 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn,
                pace->unix_ug.id = pst->st_ex_uid;
                pace->trustee = *pfile_owner_sid;
                pace->attr = ALLOW_ACE;
-               /* Start with existing permissions, principle of least
+               /* Start with existing user permissions, principle of least
                   surprises for the user. */
-               pace->perms = pst->st_ex_mode;
+               pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
 
                /* See if the owning user is in any of the other groups in
                   the ACE, or if there's a matching user entry (by uid