Revert "vfs_acl_common.c: prefer capabilities over become_root"

This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 314fc79a3a68a4274f164ba0d067e214b3b2c5f1..e04b672cf9ae7ddb2f561ba7f85217d49d9426c9 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -764,9 +764,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
 
        /* Ok, we failed to chown and we have
           SEC_STD_WRITE_OWNER access - override. */
-       set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+       become_root();
        status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
-       drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+       unbecome_root();
 
        return status;
 }
@@ -1072,7 +1072,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
                goto out;
        }
 
-       set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+       become_root();
        if (is_directory) {
                ret = SMB_VFS_NEXT_UNLINKAT(handle,
                                dirfsp,
@@ -1084,7 +1084,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
                                smb_fname,
                                0);
        }
-       drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+       unbecome_root();
 
        if (ret == -1) {
                saved_errno = errno;