s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be...

diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index a60c05a67788daf9dd25be8b89849e9f59e7ed14..db98d5146fe36bf3025144b8509feeba2799dc4d 100644 (file)
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -38,11 +38,13 @@ import uuid
 import socket
 import urllib
 import string
+import tempfile
 
 import ldb
 
 from samba.auth import system_session, admin_session
 import samba
+from samba.samba3 import smbd
 from samba.dsdb import DS_DOMAIN_FUNCTION_2000
 from samba import (
     Ldb,
@@ -1658,6 +1660,18 @@ def provision(logger, session_info, credentials, smbconf=None,
         server_services.append("+s3fs")
         global_param["dcerpc endpoint servers"] = ["-winreg", "-srvsvc"]
 
+        if targetdir is not None:
+            file = tempfile.NamedTemporaryFile(dir=os.path.abspath(targetdir))
+        else:
+            file = tempfile.NamedTemporaryFile(dir=os.path.abspath(os.path.dirname(lp.get("private dir"))))
+        try:
+            try:
+                smbd.set_simple_acl(file.name, root_uid, wheel_gid)
+            except Exception:
+                raise ProvisioningError("Your filesystem or build does not support posix ACLs, s3fs is unworkable in this mode")
+        finally:
+            file.close()
+
     if len(server_services) > 0:
         global_param["server services"] = server_services