From 0ad83813ee5cbebd20d930356be61a9ebdddad46 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 11 Jan 2010 12:10:47 +0100 Subject: [PATCH] s3: Add a zfsacl:denymissingspecial parameter When setting an ACL without any of the user/group/other entries, ZFS automatically creates them. This can at times confuse users a lot. This parameter denies setting such an acl, users explicitly have to for example set an ACE with everyone allowing nothing. Users need to be educated about this, but this helps avoid a lot of confusion. --- source3/modules/vfs_zfsacl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 312160c0267..a3de30e8085 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) ace_t *acebuf; SMB4ACE_T *smbace; TALLOC_CTX *mem_ctx; + bool have_special_id = false; /* allocate the field of ZFS aces */ mem_ctx = talloc_tos(); @@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) aceprop->who.special_id)); continue; /* don't add it !!! */ } + have_special_id = true; } } + + if (!have_special_id + && lp_parm_bool(fsp->conn->params->service, "zfsacl", + "denymissingspecial", false)) { + errno = EACCES; + return false; + } + SMB_ASSERT(i == naces); /* store acl */ -- 2.34.1