* [Bug 14494] New: "setcifsacl" confuses "R" permission with "RX"
@ 2020-09-15 2:14 samba-bugs
2021-03-18 7:33 ` [Bug 14494] " samba-bugs
0 siblings, 1 reply; 4+ messages in thread
From: samba-bugs @ 2020-09-15 2:14 UTC (permalink / raw)
To: cifs-qa
https://bugzilla.samba.org/show_bug.cgi?id=14494
Bug ID: 14494
Summary: "setcifsacl" confuses "R" permission with "RX"
Product: CifsVFS
Version: 3.x
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: user space tools
Assignee: jlayton@samba.org
Reporter: micah.veilleux@iba-group.com
QA Contact: cifs-qa@samba.org
Target Milestone: ---
When attempting to set "R" permission with "setcifsacl", "RX" (equivalent to
"READ") is set instead:
------------------------------
mcrw1:/TCS # getcifsacl testfile
REVISION:0x1
CONTROL:0x8004
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
mcrw1:/TCS #
mcrw1:/TCS # setcifsacl -a "ACL:VPTC3\mveil:ALLOWED/0x0/R" testfile
mcrw1:/TCS #
mcrw1:/TCS # getcifsacl testfile
REVISION:0x1
CONTROL:0x8004
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
ACL:VPTC3\mveil:ALLOWED/0x0/READ # --> not ok, should be "R"
mcrw1:/TCS #
mcrw1:/TCS # rm testfile ; touch testfile
mcrw1:/TCS #
mcrw1:/TCS # setcifsacl -a "ACL:VPTC3\mveil:ALLOWED/0x0/RX" testfile
mcrw1:/TCS #
mcrw1:/TCS # getcifsacl testfile
REVISION:0x1
CONTROL:0x8004
OWNER:VPTC3\cifsuser
GROUP:VPTC3\Domain Users
ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO
ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO
ACL:VPTC3\mveil:ALLOWED/0x0/READ # --> ok
mcrw1:/TCS #
------------------------------
--
You are receiving this mail because:
You are the QA Contact for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 14494] "setcifsacl" confuses "R" permission with "RX"
2020-09-15 2:14 [Bug 14494] New: "setcifsacl" confuses "R" permission with "RX" samba-bugs
@ 2021-03-18 7:33 ` samba-bugs
2021-03-18 7:50 ` we actually need richacls Björn JACKE
0 siblings, 1 reply; 4+ messages in thread
From: samba-bugs @ 2021-03-18 7:33 UTC (permalink / raw)
To: cifs-qa
https://bugzilla.samba.org/show_bug.cgi?id=14494
Björn Jacke <bjacke@samba.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|3.x |5.x
--- Comment #1 from Björn Jacke <bjacke@samba.org> ---
can someone of the cifs vfs developers please have a look?
Generlly much of the cifsacl stuff is really nice bug with the outstanding
bugs, some of those that Micah reported, cifs vfs with NT ACLs is just not
usable and people who *need* to use full NT ACLs with a POSIX client have no
other option than using a different OS with native NFS4 ACLs support like
FreeBSD currently.
--
You are receiving this mail because:
You are the QA Contact for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: we actually need richacls ...
2021-03-18 7:33 ` [Bug 14494] " samba-bugs
@ 2021-03-18 7:50 ` Björn JACKE
[not found] ` <CAH2r5msva0XmGjNMonOp0PtXXi5aJeAZ92Cr_MeohEwhzK-kWQ@mail.gmail.com>
0 siblings, 1 reply; 4+ messages in thread
From: Björn JACKE @ 2021-03-18 7:50 UTC (permalink / raw)
Cc: linux-cifs
On 2021-03-18 at 07:33 +0000 samba-bugs@samba.org sent off:
> --- Comment #1 from Björn Jacke <bjacke@samba.org> ---
> Generlly much of the cifsacl stuff is really nice bug with the outstanding
> bugs, some of those that Micah reported, cifs vfs with NT ACLs is just not
> usable and people who *need* to use full NT ACLs with a POSIX client have no
> other option than using a different OS with native NFS4 ACLs support like
> FreeBSD currently.
it would also be great if the cifs developers would all trogether try to
convince the kernel developers that the richacl implmentation gets upstreamed.
cifs vfs urgently needs it. NT ACLs on POSIX clients are practically unusabe
without having richalcs. Same for the upcoming cifs kernel server.
I tried to bring up the richacl topic a while ago on the kerenel mailing list
but the voices of many of the cifs developers will be much more significant and
can not so easily be ignored by the kernel maintainer I think.
Björn
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: we actually need richacls ...
[not found] ` <CAN05THTtitSbSEbXtFDJUB3dpTzBFEh5bQLSE=mSheLrsvvNrA@mail.gmail.com>
@ 2021-03-22 11:30 ` Björn JACKE
0 siblings, 0 replies; 4+ messages in thread
From: Björn JACKE @ 2021-03-22 11:30 UTC (permalink / raw)
To: ronnie sahlberg
Cc: Steve French, Aurélien Aptel, Paulo Alcantara, linux-cifs,
linux-cifsd-devel
On 2021-03-20 at 16:35 +1000 ronnie sahlberg sent off:
> What we are talking about is NTFS semantics and how to integrate it
> into a posix environment like Linux.
as we are talking here about Unix systems, let's call what we're talking about
NFS4 ACLs. See:
https://wiki.samba.org/index.php/NFS4_ACL_overview
> We are not going to implement NTFS semantics in the kernel, that train
> left the station 20 years ago.
the train of NFS4 ACLs in Linux actually didn't leave the station at all, it's
still in the station waiting for lights switching to green :)
> What we can do is to try to emulate. Try to map NTFS onto posix in a
> way that makes most sense for most
> average people.
As mapping the ACLs is too lossy, cifs has the cifsacl mount option, but that
is buggy, issues with that don't get a lot of attention.
> But that is it. We can never do 100% ntfs.
true, this why Samba started the acl_xattr to manage the ACLs on its own in
userspace. This is making it difficult to manage though as you have to do that
through the SMB layser then only. Also no interoperability with native file
access or different layers like NFS is impossible with that. The acl_xattr
modules was born out of pitty that we're in that we lack NFS4 ACLs on Linux.
> And we cover the main use cases.
with "cover most use cases" you are still talking generally about POSIX draft
ACLs vs. NFS4 ACLs here?
> Are there use cases where the mappings will not work becasue we are
> not NTFS? Very likely.
lot's of cases. Starting from the concept of ACL inheritence which doesn't
exist in POSIX draft ACLs at all (no, POSIX draft default ACLs are not
comparable with it).
> Maybe those use cases that require full 100% NTFS semantics should
> just use windows?
you want to ask people who need NFS4 ACLs to use Windows, seriously? I rather
recommend using other Unix systems that support NFS4 ACLs. Actually all other
actively developed Unix systems do support NFS4 ACLS.
Customers, who want to use SMB also for their Linux clients, give up quite
soon because of the shortcomings of the permission management.. Without native
NFS4 ACLs this will probably not change - this is why I ask the cifs vfs and
the cifsd people here to help push to get NFS4 ACLs aka richacls in he kernel
vfs layer.
You know that POSIX draft ACLs had never been finally standrarized, they were
were withdrawn in 1997. However NFS4 ACLs are standarized.
> If not, patches sent to the mailinglist are welcome.
Andreas Grünbacher sent working patches long time ago, see the links from
the wiki article above.
Björn
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-22 11:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-15 2:14 [Bug 14494] New: "setcifsacl" confuses "R" permission with "RX" samba-bugs
2021-03-18 7:33 ` [Bug 14494] " samba-bugs
2021-03-18 7:50 ` we actually need richacls Björn JACKE
[not found] ` <CAH2r5msva0XmGjNMonOp0PtXXi5aJeAZ92Cr_MeohEwhzK-kWQ@mail.gmail.com>
[not found] ` <CAN05THTtitSbSEbXtFDJUB3dpTzBFEh5bQLSE=mSheLrsvvNrA@mail.gmail.com>
2021-03-22 11:30 ` Björn JACKE
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).