BOOL bFakeDirCreateTimes;
BOOL bBlockingLocks;
BOOL bInheritPerms;
+ BOOL bInheritACLS;
BOOL bMSDfsRoot;
BOOL bUseClientDriver;
BOOL bDefaultDevmode;
False, /* bFakeDirCreateTimes */
True, /* bBlockingLocks */
False, /* bInheritPerms */
+ False, /* bInheritACLS */
False, /* bMSDfsRoot */
False, /* bUseClientDriver */
False, /* bDefaultDevmode */
{"directory security mask", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"force directory security mode", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"inherit permissions", P_BOOL, P_LOCAL, &sDefault.bInheritPerms, NULL, NULL, FLAG_SHARE},
+ {"inherit acls", P_BOOL, P_LOCAL, &sDefault.bInheritACLS, NULL, NULL, FLAG_SHARE},
{"guest only", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_SHARE},
{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, 0},
FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
+FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode)
FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
BOOL delete_on_close = GET_DELETE_ON_CLOSE_FLAG(share_mode);
BOOL file_existed = VALID_STAT(*psbuf);
BOOL fcbopen = False;
+ BOOL def_acl = False;
SMB_DEV_T dev = 0;
SMB_INO_T inode = 0;
int num_share_modes = 0;
*/
}
+ /*
+ * Ensure we pay attention to default ACLs on directories if required.
+ */
+
+ if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
+ (def_acl = directory_has_default_acl(parent_dirname(fname))))
+ mode = 0777;
+
DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o\n",
flags,flags2,(int)mode));
}
/*
- * Take care of inherited ACLs on created files. JRA.
+ * Take care of inherited ACLs on created files - if default ACL not
+ * selected.
*/
- if (!file_existed && (conn->vfs_ops.fchmod_acl != NULL)) {
+ if (!file_existed && !def_acl && (conn->vfs_ops.fchmod_acl != NULL)) {
int saved_errno = errno; /* We might get ENOSYS in the next call.. */
if (conn->vfs_ops.fchmod_acl(fsp, fsp->fd, mode) == -1 && errno == ENOSYS)
errno = saved_errno; /* Ignore ENOSYS */
int vfswrap_mkdir(connection_struct *conn, const char *path, mode_t mode)
{
- int result;
+ int result;
+ BOOL has_dacl = False;
- START_PROFILE(syscall_mkdir);
+ START_PROFILE(syscall_mkdir);
#ifdef VFS_CHECK_NULL
- if (path == NULL) {
- smb_panic("NULL pointer passed to vfswrap_mkdir()\n");
- }
+ if (path == NULL) {
+ smb_panic("NULL pointer passed to vfswrap_mkdir()\n");
+ }
#endif
- result = mkdir(path, mode);
+ if (lp_inherit_acls(SNUM(conn)) && (has_dacl = directory_has_default_acl(parent_dirname(path))))
+ mode = 0777;
+
+ result = mkdir(path, mode);
- if (result == 0) {
+ if (result == 0 && !has_dacl) {
/*
* We need to do this as the default behavior of POSIX ACLs
* is to set the mask to be the requested group permission