When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_A...

author Jeremy Allison <jra@samba.org>

Tue, 2 Oct 2012 17:15:54 +0000 (10:15 -0700)

committer Jeremy Allison <jra@samba.org>

Tue, 2 Oct 2012 18:41:35 +0000 (11:41 -0700)
author Jeremy Allison <jra@samba.org>
Tue, 2 Oct 2012 17:15:54 +0000 (10:15 -0700)
committer Jeremy Allison <jra@samba.org>
Tue, 2 Oct 2012 18:41:35 +0000 (11:41 -0700)
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c

index 125234cdfad4a6cb502462278a47b3f03c3f42e8..b00f1ec1bcfec482022951305856641dab5b3dbc 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1395,6 +1395,16 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
                                 apply_default_perms(params, is_directory, pace, S_IROTH);
                         }
                         pace_other = pace;
+
+               } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+                       /*
+                        * Ensure create mask/force create mode is respected on set.
+                        */
+
+                       if (setting_acl && !is_default_acl) {
+                               apply_default_perms(params, is_directory, pace, S_IRGRP);
+                       }
                 }
         }
author	Jeremy Allison <jra@samba.org>
	Tue, 2 Oct 2012 17:15:54 +0000 (10:15 -0700)
committer	Jeremy Allison <jra@samba.org>
	Tue, 2 Oct 2012 18:41:35 +0000 (11:41 -0700)