vfs_acl_common.c: prefer capabilities over become_root
authorBjörn Jacke <bj@sernet.de>
Fri, 17 Jun 2022 05:25:08 +0000 (07:25 +0200)
committerBjoern Jacke <bjacke@samba.org>
Thu, 16 Nov 2023 21:38:38 +0000 (21:38 +0000)
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
source3/modules/vfs_acl_common.c

index daad612e565c28b139eabadb5a291b84c1747f46..692e776d10cd1f261c8c5ff76cfea507a6195a18 100644 (file)
@@ -761,9 +761,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
 
        /* Ok, we failed to chown and we have
           SEC_STD_WRITE_OWNER access - override. */
-       become_root();
+       set_effective_capability(DAC_OVERRIDE_CAPABILITY);
        status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
-       unbecome_root();
+       drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 
        return status;
 }
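Review bot: The comment above the raised privilege says this path is reached because the chown failed, but `set_effective_capability(DAC_OVERRIDE_CAPABILITY)` may not grant what the retry needs. If DAC_OVERRIDE_CAPABILITY maps to Linux CAP_DAC_OVERRIDE, it bypasses only read/write/execute permission checks; changing the owner, mode or ACL of a file the user does not own is gated by CAP_CHOWN and CAP_FOWNER, which become_root() supplied implicitly. Please confirm that SMB_VFS_NEXT_FSET_NT_ACL still succeeds here for a non-owner holding SEC_STD_WRITE_OWNER, or that the helper falls back to root when the capability is unavailable or insufficient. The comment could also name the privilege now in use, e.g. `/* chown failed but the client holds SEC_STD_WRITE_OWNER: retry with DAC override. */`. The body of set_underlying_acl starts outside the hunk.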
@@ -1069,7 +1069,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
                goto out;
        }
 
-       become_root();
+       set_effective_capability(DAC_OVERRIDE_CAPABILITY);
        if (is_directory) {
                ret = SMB_VFS_NEXT_UNLINKAT(handle,
                                dirfsp,
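Review bot: `set_effective_capability()` here is paired with a `drop_effective_capability()` in the next hunk, and unlike become_root()/unbecome_root() the pair does not obviously nest. If the helpers are not reference-counted (their definitions are not on this page), the drop clears DAC override for any caller further up the stack that had already raised it; the same applies to the pair in set_underlying_acl. A short comment such as `/* Raise DAC override only around the unlink; it is not held after this block. */` would record the contract for later callers. acl_common_remove_object starts and ends outside the hunk.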
@@ -1081,7 +1081,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
                                smb_fname,
                                0);
        }
-       unbecome_root();
+       drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 
        if (ret == -1) {
                saved_errno = errno;
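Review bot: `drop_effective_capability(DAC_OVERRIDE_CAPABILITY)` runs between the unlinkat call and `saved_errno = errno`, so errno may be overwritten before it is captured if the helper makes a system call that sets it. Whether the helper preserves errno is not visible here; the safe order is to capture first, with `if (ret == -1) { saved_errno = errno; }` placed directly before the drop. Otherwise the caller can see a misleading error code for a failed privileged unlink. The rest of the error path continues outside the hunk.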